Cyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM"

Transcription

1 IIA South Event 16 th June 2015 Cyber, Social Media and IT Risks 1 st and 2 nd Line Perspective David Canham (BA) Hons, MIRM

2 Agenda This evening we ll cover the following: Who, why and what? Traditional information security versus cyber risk management Impact of social media Is the message heard? Who is in charge of the cyber agenda in your organisation? Cyber insurance - where does it fit in?

3 Points to Consider as we Talk Three challenges Protect the Brand (Franchise / Reputation) Protect Yourself (All of yourself) Insurance for cyber

4 Who, Why and When? Hacktivist Criminal Nation State Inside Job?

5 So where is the Cyber Threat coming from? 28 August 2013 New York Times and Twitter struggle after Syrian hack 13 August 2013 Dalai Lama's Chinese website hacked and infected 27 August 2013 The Chinese-language website of the Tibetan government-in-exile, whose spiritual head is the Dalai Lama, has been hacked and infected with viruses China hit by 'biggest ever' cyber-attack China has said it has suffered its "biggest ever" cyber-attack, causing many websites based in the country to go temporarily offline. Pro-Assad Syrian hackers launching cyberattacks on western media Syrian Electronic Army claims responsibility for attack on Guardian and other organisations 13th August 2013 China denies cyber attack allegations A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups", a US cyber security firm has said. Mandiant said Unit was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world.

6 Cyber Case Studies

7 The thin blue line or governance? Four Cornerstones: Delegated Authorities what people can do Committees How oversight is provided Organisational Policies High level organisational principles Risk Management Informed decision making

8 Delegated Authorities Traditional Approach Complex sign off loops Elements of bureaucratic behaviour and / or practice Paper production hoops to achieving sign off Where responsibility for information security resides? 19% Cyber Requirement 10% 48% Real Time decision making Clear accountability and pace Extended enterprise delegation 23% CEO CIO COO Other Delay or inaction could be more damaging than the incident itself

9 Committees 53% of the CIM Survey had an information security committee Traditional Approach Usually periodic and in some cases static agenda Paper lead, discussion predominantly around lag indicators Lack of clear accountability for decision making, management by committee Cyber Requirement Where possible lead indicators to be developed (do you have them?) Use of threat intelligence and case studies Targeted War games for preparedness Oversight of technology alongside and integral in business process and strategy Cyber governance movement from review by committee to reaction

10 Organisational Policies 65% of the CIM Survey did not know if their organisation was accredited to a information security standard Traditional Approach Technical in nature Unlikely to be integrated with HR and Learning Development interventions Sign off annually via a CBT Cyber Requirement Understand the culture, the blur between professional and private life and the audience Develop engaging awareness programmes across different communication channels Ensure that policies are reviewed and updated in line with pace of the threat faced Policies are shelf ware without appropriate engagement

11 Risk Management Its what we do is it not? Traditional Approach Bridge the gap between technicians and business staff Bring external insight and challenge to existing thinking Assists business leaders in setting risk appetite and / or tolerance across the institution Cyber Requirement Translate and cut through the media hype to give a balanced view Help develop the lead MI and analyse the external intelligence to bring insight Balance the impact and probability to other risks within the institution Has the role or technique changed or has the expectation increased

12 Cyber Auditing High Level Planning Traditional review of the organisational Risk Data External factors, extended enterprise, business conditions, past cases Control and Remediation Creating a test plan that acknowledges different control types, preventative, corrective & detective Time and pace of remediation, six month programmes versus immediate action Being even more robust with management in outlining expectations Pace of Audit Traditional control testing can be routine but additionally; Forensic support in the event of an incident Internal Audit as a weapon at managements disposal? Has the role or technique changed or has the expectation increased

13 Governance Conclusions Commitment on the corporate agenda Is it clear who is responsible and sponsorship achieved? Is there a clear view on investment over security being an overhead? Is the balance between technical control and cultural defence understood? Corporate or Personal Education or Both In an increasingly interconnected world with blurred boundaries do institutions have a moral and corporate responsibility to raise awareness amongst the workforce? Compliance, Regulation and the Law Do institutions aim for the minimum to get through favouring chasing growth? Increase in interest from regulatory bodies e.g. FCA/PRA/HMT Cyber Questionnaire Pace of the threat and organisational governance Pace of decision making when a cyber intrusion is discovered Clear on who takes the lead and the accountability e.g. Incident Management framework

14 Social, Internet and Mobile Universe

15 Some facts and figures from the turn of the year. An average FB user has 130 friends, and 25% do not bother with privacy controls 23% of FB users access there account more than 5 times a daily More than 25 billion pieces of FB content are shared monthly 100 million active users access FB on their mobile device Twitter gets more than 300,000 new users every day Twitter started as a simple text message service Over 60% of twitter users are outside of the US Linked in is the oldest of the mainstream sites, started in 2003 There are more 70m users of Linked in worldwide 80% of companies use Linked in as a recruitment tool 90% of Internet user know at least one social network

16 Protect Yourself - Social Media Case Study Emma Way, 21, tweeted in May: Definitely knocked a cyclist off earlier I have right of way he doesn t even pay road tax. Personal Accountability? Employer refuses to comment Lessons for an organisation? Lessons for an individual Guilty? BBC News Website:

17 Has the Message been Heard? 10 Steps EVERY board member should understand that can eliminate c.80% of Cyber threats 1. Home and mobile working 2. User education and awareness 3. Incident Management 4. Management of user privileges 5. Removable media controls 6. Monitoring 7. Secure configuration 8. Malware protection 9. Network Security 10. Information risk management regime Web address -

18 Who is Listening to your Message? / Who needs to? Social Media followers With so many different stakeholders, an organisation regardless of public, private, local or multinational will be subject to different views on compliance and security for instance, the regulator maybe considered to be black and white, the individual maybe more relaxed, in particular if they are a social media user?

19 Could we define coherently the cyber risk in business terms to all Internal and External stakeholders?

20 Insurance for Cyber Traditional Policies or Something new? Benchmark for control in underwriting a risk? BIS Cyber Essentials CREST / CBEST NIST Framework ISO27001 Then of course there is the issue of data and historic losses. Question will regulation such as the EU Data Privacy act lead to more insurance products being further developed?

21 Closing Thoughts - Protect Yourself (All of yourself) What salary would have to be offered before you accepted your dream job from that HR Agency via Linked in? How many holidays have you told me about via Facebook? Have you been trained not to open that attachment / click that link? Does your personal risk and work risk look different? Like all industries does Financial Services invest purely in work education or with such a blur between private and professional lives is it now imperative to cover both to be seen as an employer of choice?

22 Closing Thoughts - Protect the Brand - Some basic specifics to think about The Crown Jewels What can the organisation not live without, where is it stored and how is it protected The process value chain The internal, the external, the distributor network, do they apply all the same logic as you do to security Risk appetite / tolerance Is it clear the minimum and the maximum your organisation is prepared to accept in terms of the security agenda and the trade offs required Focus Is there sufficient focus, it s a crowded organisational agenda, there s a lot of short term pressures versus a longer term difficult to quantify threat Innovation Is there suitable innovation in your approach to cyber its not all bad, where's the opportunties

23 Closing Statement Personal Thoughts Awareness and interest at board level has increased Lack of substantive data within the Financial Services arena continues to pose a problem Media is hyped Cyber war! Where does the investment profile lie in the organisation, still with the CIO / CISO With an interconnected world, increase in mobile devices and digital solutions and social media, Information Security Risk continues to evolve. It is the challenge of all industries to respond both internally, through the extended enterprise and with their people

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

www.pwc.com Cybersecurity and Privacy Hot Topics 2015

www.pwc.com Cybersecurity and Privacy Hot Topics 2015 www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets

More information

Cyber security Keeping your business resilient

Cyber security Keeping your business resilient Intelligence FIRST helping your business make better decisions Cyber security Keeping your business resilient Cyber security is about keeping your business resilient in the modern technological age. It

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Cyber Security for audit committees

Cyber Security for audit committees AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have

More information

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)

More information

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison Gary Solway* Bennett Jones LLP The August release of the purported names and other details of over 35 million customers

More information

The UK cyber security strategy: Landscape review. Cross-government

The UK cyber security strategy: Landscape review. Cross-government REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape

More information

AISA NATIONAL CONFERENCE 2015 TRUST IN INFORMATION SECURITY. 14 October 2015 OPENING ADDRESS LYNWEN CONNICK

AISA NATIONAL CONFERENCE 2015 TRUST IN INFORMATION SECURITY. 14 October 2015 OPENING ADDRESS LYNWEN CONNICK 1 AISA NATIONAL CONFERENCE 2015 TRUST IN INFORMATION SECURITY 14 October 2015 OPENING ADDRESS LYNWEN CONNICK Thanks Arno, and good morning everyone. Welcome to Australian Information Security Association

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

CYBER SECURITY THREAT REPORT Q1

CYBER SECURITY THREAT REPORT Q1 CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information

ACE European Risk Briefing 2012

ACE European Risk Briefing 2012 #5 ACE European Risk Briefing 2012 IT and cyber risk respondent profiles The research was carried out between 13 April and 3 May 2012. The sample comprised 606 European risk managers, CROs, CFOs, COOs

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Secure by design: taking a strategic approach to cybersecurity

Secure by design: taking a strategic approach to cybersecurity Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Cybersecurity. Considerations for the audit committee

Cybersecurity. Considerations for the audit committee Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial

More information

Cyber Security Threats: What s Next and How Do We Reduce the Risks?

Cyber Security Threats: What s Next and How Do We Reduce the Risks? Cyber Security Threats: What s Next and How Do We Reduce the Risks? Agenda Cyber Security: A necessity! What threats exist today? What does the future hold? How do we reduce the risks? Key for Risk Reduction

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Cyber Risks and Insurance Solutions Malaysia, November 2013

Cyber Risks and Insurance Solutions Malaysia, November 2013 Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare

More information

Tackling the growing risk of cyber crime

Tackling the growing risk of cyber crime Financial Institutions Customer Industry Community Tackling the growing risk of cyber crime Discussion points for financial institutions Contents Introduction 3 The scale of cyber risk 4 Zurich survey

More information

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014 Knowing Your Enemy How Your Business is Attacked Andrew Rogoyski June 2014 Why Cyber is the New Security 1986: Lawrence Berkeley NL discovers attempt to copy US Government Information on Arpanet 1988:

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

Cyber Security key emerging risk Q3 2015

Cyber Security key emerging risk Q3 2015 Cyber Security key emerging risk Q3 2015 The study is based on interviews with CIO:s, CISO:s and Head of Security in August and September 2015. November 2015 www.pwc.se Companies falling behind are more

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

CYBER-ATTACKS THE GLOBAL RESPONSE

CYBER-ATTACKS THE GLOBAL RESPONSE R E P R I N T CYBER-ATTACKS THE GLOBAL RESPONSE REPRINTED FROM: Risk, Governance & Compliance for Financial Institutions 2015 RISK GOVERNANCE & COMPLIANCE for F I N A N C I A L INSTITUTIONS 2 0 1 5 Visit

More information

ENABLING THE BUSINESS WITH SOCIAL RELATIONSHIP PLATFORMS

ENABLING THE BUSINESS WITH SOCIAL RELATIONSHIP PLATFORMS WHITE PAPER ENABLING THE BUSINESS WITH SOCIAL RELATIONSHIP PLATFORMS AN EASY WIN FOR STRATEGIC CIOs THE ROLE OF THE IT LEADER IS CHANGING. CIOs must shift their focus from keeping the lights on to enabling

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information

RETHINKING CYBER SECURITY Changing the Business Conversation

RETHINKING CYBER SECURITY Changing the Business Conversation RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.

More information

The Cancer Running Through IT Cybercrime and Information Security

The Cancer Running Through IT Cybercrime and Information Security WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015 Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are

More information

CyberSecurity for Law Firms

CyberSecurity for Law Firms CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity

More information

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Mike O Neill Managing Director Graeme McGowan Associate Director of Cyber Security

More information

Facebook Advertising Playbook

Facebook Advertising Playbook Facebook Advertising Playbook TABLE OF CONTENTS I. INTRODUCTION 6 II. ABOUT THIS REPORT 6 III. ABOUT IMPARTURE 7 1. INTRODUCTION TO FACEBOOK ADVERTISING 8 1.1 UNDERSTANDING TERMINOLOGY 8 2. THE CASE FOR

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

11/27/2015. Cyber Risk as a Component of Business Risk: Communicating with the C-Suite. Conflict of interest. Learning Objectives

11/27/2015. Cyber Risk as a Component of Business Risk: Communicating with the C-Suite. Conflict of interest. Learning Objectives Cyber Risk as a Component of Business Risk: Communicating with the C-Suite Jigar Kadakia DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily

More information

Managing cyber risks with insurance

Managing cyber risks with insurance www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive

More information

ICAEW. Audit Insights. Cyber Security 2015

ICAEW. Audit Insights. Cyber Security 2015 ICAEW Audit Insights Cyber Security 2015 BUSINESS WITH CONFIDENCE icaew.com/auditinsights About the ICAEW IT Faculty The ICAEW IT Faculty provides products and services to help its members make the best

More information

PROMOTION // TECHNOLOGY. The Economics Of Cyber Security

PROMOTION // TECHNOLOGY. The Economics Of Cyber Security PROMOTION // TECHNOLOGY The Economics Of Cyber Security Written by Peter Mills Malicious cyber activity, from hacking and identity fraud to intellectual property theft, is a growing problem within the

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Highlights from the Security Awareness Special Interest Group (SASIG) New Year 2014 event:

Highlights from the Security Awareness Special Interest Group (SASIG) New Year 2014 event: Highlights from the Security Awareness Special Interest Group () New Year 2014 event: Cyber security adopting a new approach to answer the Board s concerns Hosted by EY: 14th January 2014 The Security

More information

Surviving the Ever Changing Threat Landscape

Surviving the Ever Changing Threat Landscape Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state

More information

Cyber security guide for boardroom members

Cyber security guide for boardroom members Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014 www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday

More information

PCI DSS Investing wisely...

PCI DSS Investing wisely... PCI DSS Investing wisely... Hotel webinar Neira Jones Head of Payment Security Barclaycard Global Payment Acceptance 25 th July 2011 Leading the way in secure payments global payment acceptance Hotel Security

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Technology and Cyber Resilience Benchmarking Report 2012. December 2013

Technology and Cyber Resilience Benchmarking Report 2012. December 2013 Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities

More information

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis An analogue approach to a digital world What foundations is CDCAT built on?

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance YOUR TRUSTED PARTNER IN A DIGITAL AGE A guide to Hiscox Cyber and Data Insurance 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and

More information

Trends in Cybersecurity and Privacy

Trends in Cybersecurity and Privacy www.pwc.com/ca/security Trends in Cybersecurity and Privacy Insights from The Global State of Information Security Survey 2016 Ottawa, Ontario April 13, 2016 Your speakers today David Craig Anthony Dias

More information

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown 1 Protected networks are continuously being successfully attacked

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies

More information

The Institute of Risk Management. Cyber Risk. Executive Summary

The Institute of Risk Management. Cyber Risk. Executive Summary The Institute of Risk Management Cyber Risk Cyber Risk Our supporters Moving from a range to a single number risk allowance is a matter of judgement. 2014 The Institute of Risk Management. All rights reserved.

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Allianz Global Corporate & Specialty. Cyber Risks. Recent Trends. AIRMIC 15 th June 2015

Allianz Global Corporate & Specialty. Cyber Risks. Recent Trends. AIRMIC 15 th June 2015 Allianz Global Corporate & Specialty Cyber Risks Recent Trends AIRMIC 15 th June 2015 Copyright Allianz Global Corporate & Specialty 2014 1 Copyright Allianz Global Corporate & Specialty 2014 2 Allianz

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK Executive Summary Core statements I. Cyber security is now too hard for enterprises The threat is increasing

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013 Cyber-security: legal implications for financial institutions IAPP Europe Data Protection Intensive 2013 Vivienne Artz Managing Director and General Counsel, Citi Cyber threat landscape Kris McConkey Director,

More information

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint Under control 2015 Hot topics for IT internal audit in financial services An Internal Audit viewpoint Introduction Welcome to our fourth annual review of the IT hot topics for IT internal audit in financial

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost/Benefit Analysis

The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost/Benefit Analysis The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost/Benefit Analysis Paul A. Ferrillo March 2015 The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost Benefit Analysis Until

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

Welcome. HITRUST 2014 Conference April 22, 2014 HITRUST. Health Information Trust Alliance

Welcome. HITRUST 2014 Conference April 22, 2014 HITRUST. Health Information Trust Alliance Welcome HITRUST 2014 Conference April 22, 2014 HITRUST Health Information Trust Alliance The Evolving Information Security Organization Challenges and Successes Jason Taule, Chief Security and Privacy

More information

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security

More information

BT Security Recruitment

BT Security Recruitment BT Recruitment BT An Option For You? 1 Introduction - Tinker, tailor, soldier cyber-defender? (Taken from the BT Assure RUSI article: http://www.globalservices.bt.com/static/assets/pdf/defence/rusi_bt_v2.pdf)

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

REPORT. 2016 Outlook: Vulnerability Risk Management and Remediation Trends

REPORT. 2016 Outlook: Vulnerability Risk Management and Remediation Trends REPORT 2016 Outlook: Vulnerability Risk Management and Remediation Trends Table of Contents Executive Summary... 3 Current Trends in Vulnerability Risk Management... 4 Putting Management in Vulnerability

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Risk Management Policy

Risk Management Policy Risk Management Policy June 2015 1 2 Contents 1. Policy Objectives and Background... 4 1.1. Policy Background... 4 1.2. Policy Objective... 4 1.3. Policy Sponsor and Maintenance... 4 2. Risk Types and

More information

Maritime Insurance Cyber Security Framing the Exposure. Tony Cowie May 2015

Maritime Insurance Cyber Security Framing the Exposure. Tony Cowie May 2015 Maritime Insurance Cyber Security Framing the Exposure Tony Cowie May 2015 Table of Contents / Agenda What is cyber risk? Exposures - Should we be concerned about "Cyber"? Is Cyber covered under a Marine

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

FOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks

FOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks F-43 FOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks Possible Ouestion Why has the Government not confronted China about cyber attacks including on DFAT, such as those aired

More information

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

The battle to contain fraud is as old as

The battle to contain fraud is as old as 22 SPONSORED FEATURE COMBATTING DIGITAL FRAUD Combatting digital fraud Combatting digital fraud has become a strategic business issue for today s CIOs. The battle to contain fraud is as old as business

More information