CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY"

Transcription

1 CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

2 INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes more complex, CISOs, security committees, executives and boards of directors are demanding meaningful information for decision-making. However, cyber security stakeholders face significant challenges identifying, obtaining, processing and aggregating key information that enables them to steer towards defined targets effectively, and ultimately be in better control of their organisation s cyber security. In practice, the responsibility for cyber security is often distributed amongst different organisational areas as is the relevant information. In addition, the range of activities related to cyber security is so broad that it is not easy to identify the key elements that indicate how cyber security is contributing to (or even preventing) the achievement of the business s goals. And, as if that isn t enough of a challenge, the highly technical, specialist origins of cyber security often result in highly technical, specialist sets of information that, although essential for operational activities, are not valuable for high-level, business decision-making. The good news is that complexity, interdependency, specialisation and large quantities of information are not new challenges for the business world. As mentioned in our publication The five most common cyber security mistakes, KPMG approaches cyber security as business as usual an area of risk that requires the same level of attention as fraud. And in the same way that other business areas are monitored and measured, cyber security can be monitored and measured with the support of dashboards that display the right key performance indicators (KPIs). 1 Cyber Security is the endeavor to prevent damage by disruption, outage or misuse of IT and, if damage does occur, the repair of this damage. The damage may consist of: impairment of the reliability of IT, restriction of its availability, and the breach of confidentiality and/or the integrity of information stored in the IT system. (Source: National Cyber Security Strategy ). 2 FEEL FREE Cyber Security Dashboard

3 WHY A CYBER SECURITY DASHBOARD? In short, a Cyber Security Dashboard will help you steer your organisation towards the desired cyber security position, while providing answers to key questions often raised by executives. Examples of these questions are: BOARD OF DIRECTORS What is the status of our cyber resilience capabilities compared to the current and expected threat level? What is the impact that cyber security risks have on our strategy? How do our measures and investments compare to the rest of our sector? Are we compliant with the relevant cyber security and related regulations? Are we in control of cyber security in the value chain? CIO What are the key drivers in cyber security risk management and how are they developing? What is the status of our preventative capabilities, as related to cyber security? What is the status of our detective and reactive capabilities, as related to cyber security? What is the status of the compliance framework? What were the root causes and actions taken in relation to the high-impact incidents in the last period? FEEL FREE Cyber Security Dashboard 3

4 When adequately designed and implemented, Cyber Security Dashboards also provide: INSIGHT into the overall state of cyber security, as related to business targets. This allows for improved decision-making and better control of cyber security; FOCUS on what is important for the business. Cyber security efforts should be balanced between business risks and opportunities. Nevertheless, it is easy to lose focus when the information available is too spread, detailed or technical to provide a consistent overview; COMMUNICATION & AWARENESS. Business executives and boards of directors are demanding relevant information, while cyber security professionals are trying to raise the awareness of executives and boards of directors. A Cyber Security Dashboard provides a means of communication that facilitates awareness of major areas of concern from both perspectives: cyber security and organisational goals; STANDARDISATION AND EFFICIENCY, particularly across regions and functional units within large organisations. As mentioned earlier, the responsibility for information security is often scattered, with local or regional security officers often interpreting, customising and implementing policies that are usually defined at corporate level. This sometimes results in nonstandard reporting formats, increasing the time required to compile and produce aggregated reports, as well as the work required to interpret them. Depending on the specific purpose of the dashboard, some benefits may be more prevalent than others; in any case, the dashboard will contribute by providing an overview of the main information needed to control cyber security and make decisions that further the business objectives. But what information should a Cyber Security Dashboard display? In the same way that each organisation has a unique strategy, culture and maturity, it has unique cyber security information needs. Through a combination of research and our extensive experience, KPMG has identified six key areas of focus that provide a comprehensive overview of cyber security. 4 FEEL FREE Cyber Security Dashboard

5 THE CYBER SECURITY DASHBOARD FOUNDATION: SIX AREAS OF FOCUS The areas of focus serve as the foundation for identifying the most relevant measures to be considered on a company s dashboard. They cover the core areas of cyber security: risks, compliance, incidents, awareness & culture, threat level and key cyber security projects in development. PROJECTS - Impact on risk reduction - Progress - Cyber Security Maturity RISKS - Benchmark with peers - Coverage - Top risks - Others AWARENESS & CULTURE - Learning scores - Training coverage - Incidents and other violations associated with awareness AREAS OF FOCUS COMPLIANCE - External - Internal - Readiness THREAT LEVEL - External - Internal INCIDENTS - Statistics - Incident Management - Benchmark with peers FEEL FREE Cyber Security Dashboard 5

6 CYBER SECURITY RISKS Cyber security management and business decisionmaking are closely related to risk management. Executives and board members need to understand and monitor the cyber risks that may hinder the organisation s ability to achieve its goals. These risks are represented by key risk indicators (KRIs) that are directly derived from the organisation s strategy. For example, if a retail company s strategy is to grow through increased revenue and market share on e-commerce channels, then the downtime of online shopping sites directly affects the realisation of the strategy, becoming a KRI. Another perspective on risk may be provided via benchmarking. Executives often want to know their organisation s status compared to industry peers or best practices. Benchmarks related to organisational maturity levels and framework compliance are available in the marketplace. Likelihood TOP 10 RISKS 6 5 R3 R8 4 R4 R6 R R9 R5 R10 R7 R Impact Top Risks RISK DESCRIPTION LEVEL TREND COMMENTS R1 LOSS OR ALTERATION OF INTELLECTUAL PROPERTY Very High Existing system does not allow control of administrators. Analysis for change of system in progress. R2 SENSITIVE COSTUMER DATA DISCLOSURE Medium Inventory of repositories is at 80%. Identified repositories are compliant with risk apetite. R3 UNAVAILABILITY OF ONLINE SALES CHANNELS High Penetration test identified severe vulnerabilities in configuration. Changes in progress. R8 STRATEGIC INFORMATION LEAKAGE Very High Increased impact with new business project. IT acquisition and awareness trainings in process. R7 FINANCIAL FRAUD Medium Recent audit findings identified failures in user management processes. Changes in progress. Benchmark Security Forum Control Framework 2014: second quartile 6 FEEL FREE Cyber Security Dashboard

7 COMPLIANCE In practice, one of the main drivers of cyber security is compliance. Typical requirements that organisations need to comply with include laws, regulations and contractual demands from business partners, suppliers and customers. Failing to comply may result in substantial fines, termination of contracts with strategic partners or customers and, ultimately, suspension to operate. Furthermore, as threats increase and customers demand higher levels of data protection, new compliance requirements are continuously emerging. Being able to proactively monitor your organisation s readiness to meet coming requirements may allow for a more timely and cost-effective compliance strategy. Overall Maturity per Requirement (Europe) Other ISF Current Target DNB PII Internal Framework ISO CYBER SECURITY INCIDENTS Incidents do happen, and we need to react to, and learn from them. Analysis of information security incidents often provides business stakeholders with an additional perspective on risk levels, making it highly valuable. Usual measures of interest are general statistics on severe incidents such as the number, business impact and source; benchmarking with industry peers; and elements associated with the effectiveness of the incident management process, such as average incident detection/response time. Impact of incidents per category of threats (in millions) Error Physical theft/loss Insider Misuse Social Malware Hacking FEEL FREE Cyber Security Dashboard 7

8 AWARENESS & CULTURE As important as awareness is, measuring it objectively poses a significant challenge. Current social and technology trends are forcing organisations to become more reliant on end-user behaviour to protect information. Telecommuting and bring-your-own-device are common practices worldwide, making information readily available almost everywhere, and more difficult and expensive to protect. Cyber security awareness aims to develop specific behaviours in employees, contractors and other parties that process or use the organisation s information. The main objectives are to reduce risks related to human error, as well as the time required to identify incidents and violations. There is no single metric that accurately and objectively assesses people s level of understanding, or their expected reaction should a cyber security situation arise. This is why KPMG approaches this dimension from two perspectives: KPMG measures behaviour by looking at 8 soft controls: clarity of rules; exemplary behaviour; practicability; involvement; visibility; organizational openness; peer Openness and enforcement. Being able to determine and compare security awareness levels between business units and regions supports decision-makers in prioritising resources and activities. Awareness Current Target Enforcement Response Clarity of Rules 100% 80% 60% 40% Exemplary Behaviour Prevention training what is the company doing towards culture development and actual behaviour what is the result of those actions. Peer Openness 20% 0% Practicabillity Indicators in training are usually related to coverage of the target audience and scores on assessments such as e-quizzes or surveys. Organizational Openness Involvement Detection Visibility 8 FEEL FREE Cyber Security Dashboard

9 AWARENESS KEY SECURITY PROJECTS/INITIATIVES Knowing the progress and general status of the major security projects is essential to cyber security management. Furthermore, executives want to be able to assess the potential impact of these projects on cyber security posture, the potential constraints they may pose to target achievement, and whether actions are required to guarantee alignment with business objectives. THREAT LEVEL Modern cyber resilience is based on threat intelligence. The better an organisation understands its threat environment, the better it can prepare and 0 respond to it. 100 Threats in the cyber landscape include nations, activists, organised crime, the competition 70 and the organisation s insiders, amongst others. By gathering and analysing data from internal and external - No sources, recent incidents and identifying their implications in your - Positive own environment, scores test it (Q3-2013) is possible to obtain an overview of a general threat level that can be used as a point of reference. Threat level Key cyber security projects/initiatives Project Division Status vs. target IRM Cyber Security Governance Outsourcing review ISO Certification Awareness EMEA EMEA ASIA AMERICAS ALL Progress vs. plan No discernible activity with a moderate or severe risk rating. Source: ThreatCon These areas of focus are not exhaustive, but they cover the key areas KPMG has found to make the difference in controlling cyber security. The goal is to identify the areas that better fit your organisation s current and future business needs and include them as part of the dashboard. It is possible that additional topics, such as costs and budget-related indicators also need to be considered, but at the end, what matters is that the selected elements actually contribute to business decision-making, respond to the audience s needs and are aligned with the company s current security practices. FEEL FREE Cyber Security Dashboard 9

10 STRATEGIC APPROACH TO A CYBER SECURITY DASHBOARD Defining and implementing a dashboard is a challenging project. Difficulties commonly found on the way include selecting the dashboard elements that will support decision-making, unforeseen impacts on operational and tactical processes, and complex data sources sometimes dependent on third parties. This is why KPMG has developed a strategic, phased approach: by incrementally defining and constructing the dashboard, requirements are constantly refined, while enabling optimal management of investment and creating situational awareness of the target audience. The dashboard is built in two main phases, so from the beginning the benefits are tangible: first the reporting elements & prototype are defined, and then the dashboard is automated and embedded in the processes. REPORTING ELEMENTS & PROTOTYPE DEFINITION INITIAL DESIGN PROTOTYPE Identification of key stakeholders and their needs Design prototype Assessment of delivery capabilities Evaluation and refinements DETAILED DESIGN Develop dashboard growth model Build business case DASHBOARD IMPLEMENTATION & AUTOMATION PROOF-OF- CONCEPT BUILD DASHBOARD Build PoC Phased approach for dashboard development Evaluate PoC Implementation and embedding per phase TRAINING & SUPPORT Training of users and administrators Establish organisation for support and enhancements 10 FEEL FREE Cyber Security Dashboard

11 The initial design should be balanced against what we refer to as delivery capabilities, in other words, elements within the organisation that enable the desired outcome. Examples of these capabilities are the organisation s maturity, management support, internal processes, and available data sources and technology. Delivery capabilities often pose important challenges for the project. For example, a data source may seem reliable and comprehensive, but later on it can be found that the data only covers a low percentage of the target population, or that the originating process is highly prone to human error. Once the initial design is finalised, a prototype is built. The prototype allows for validation of the initial requirements, and results in design and metric adjustments. The subsequent two stages focus on the development of a proofof-concept that will determine whether the organisation is ready to build the dashboard, provided a growth model and a business case. After the proof-of-concept has been positively evaluated, the dashboard is developed. This is achieved by following a phased approach that allows for gradual embedding in the internal processes. During this stage, common challenges relate to stakeholder management and dashboard embedding, since certain (parts of) processes may require changes to successfully incorporate the tool. Finally the transition activities take place, including training, implementation of the support scheme, and update and expansion processes. FEEL FREE Cyber Security Dashboard 11

12 CONCLUSION Strategic Risk 4 Measuring and reporting on cyber security to the strategic level is not an easy task. Most existing security metrics focus on operational and technical aspects, while executives are demanding high-level, meaningful businessrelated information. In addition, the delegation of cyber security activities to local/regional security officers often results in non-standardised reporting, hindering in turn decision-making processes. Impact R5 R3 R2 R1 R4 The end result may look simple but to deliver and successfully embed a reliable Cyber Security Dashboard requires skills and experience in many diverse areas, during each of the development phases. A strategic approach to the definition of a Cyber Security Dashboard helps your organisation steer on key focus areas, create situational awareness, standardise reporting practices, align cyber security with the business and improve the control over cyber security activities Chance Maturity 3,5 3,0 2,5 2,0 1,5 1,0 0,5 0,0 IT Health Finance Administration HR Risk Marketing Treasury Industry 12 FEEL FREE Cyber Security Dashboard

13 Strategic Projects Key Incidents CMDB setup project 4 External penetration test 3 Hiring SOC personnel Information security plan 2015 Internal vulnerability scanner Occurance % ,000 10,000 Impact % Status vs. Target % Target vs. Plan Denial of Service Misc. Errors Unknown Insider Misuse Physical Theft Compliance Threat Level Requirement Category Current level Current level COBIT 75% 80% 80% Competitors 3 DNB (banks) 90% 90% 20% Cyber Investigators 2 Internal Framework 60% 30% 10% Cyberpunks and scriptkiddies 4 ISF 60% 60% 60% External consultants 2 ISO % 65% 65% Hacktivists 1 SANS 70% 70% 65% Internal employee 4 SOx 70% 90% 90% Organized cyber criminals 4 States 2 FEEL FREE Cyber Security Dashboard 13

14 WHY KPMG? The Cyber Security Dashboard is one component of KPMG s Global Cyber Transformation Service[s]. Our vision is to make cyber security an integral part of your business through: EXPERIENCE We understand the business and know about cyber security. We have supported organisations in diverse industry sectors in developing Cyber Security Dashboards, and have identified key information and metrics that strategic stakeholders are looking for; INTEGRATED APPROACH We bring together specialists in information protection, risk management, organisational design, behavioural change and intelligence management. These combined skills are utilised to tailor a solution relevant to your risk appetite and the cyber threats your organisation faces; END-TO-END VISION We do not just display data on a dashboard but also analyse the related processes and identify potential areas of improvement. By analysing the dashboard audiences and their activities, we develop the dashboard accordingly. Assistance is provided with embedding the dashboard within existing processes and leveraging it to further the organisation s capabilities; DATA RELIABILITY KPMG is an audit firm. We look for reliable data. We challenge the data sources and assist in taking the steps required to make it accurate, complete and, ultimately, suitable for decision-making. 14 FEEL FREE Cyber Security Dashboard

15 FEEL FREE Cyber Security Dashboard 15

16 Contact John Hermans Partner Tel: Dennis de Geus Director Tel: Koos Wolters Director Tel: kpmg.com/nl/cybersecurity, registered with the trade register in the Netherlands under number , is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The name KPMG, logo and cutting through complexity are registered trademarks of KPMG International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Cyber Security: from threat to opportunity

Cyber Security: from threat to opportunity IT ADVISORY Cyber Security: from threat to opportunity www.kpmg.com/nl/cybersecurity From threat to opportunity / Cyber security / 1 FOREWORD OPPORTUNITY-DRIVEN CYBER SECURITY Cyber security (also known

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

Cyber Security, a theme for the boardroom www.kpmg.com/nl/cybersecurity

Cyber Security, a theme for the boardroom www.kpmg.com/nl/cybersecurity IT ADVISORY Cyber Security, a theme for the boardroom www.kpmg.com/nl/cybersecurity TABLE OF CONTENTS 1 Cyber security, a theme for the boardroom 3 2 What is cyber security? 4 3 Relevance to the boardroom

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

Running the business of IT metrics that matter

Running the business of IT metrics that matter INFORMATION TECHNOLOGY SERVICES Running the business of IT metrics that matter November 2014 kpmg.com Contents Introduction... 2 Do you have the right KPIs to run IT as a business?... 4 Data is not the

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Cyber Security Risks for Banking Institutions.

Cyber Security Risks for Banking Institutions. Cyber Security Risks for Banking Institutions. September 8, 2014 1 Administrative CPE regulations require that online participants take part in online questions Must respond to a minimum of four questions

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................

More information

TAX MANAGEMENT CONSULTING. How can you be more efficient at managing tax?

TAX MANAGEMENT CONSULTING. How can you be more efficient at managing tax? TAX MANAGEMENT CONSULTING How can you be more efficient at managing tax? NEW HEAD OF TAX/CFO TAX TRANSPARENCY Business Case Dispute Resolution Finance Transformation Authority Interaction Compliance Delivery

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

HR Function Optimization

HR Function Optimization HR Function Optimization People & Change Advisory Services kpmg.com/in Unlocking the value of human capital Human Resources function is now recognized as a strategic enabler, aimed at delivering sustainable

More information

London Business Interruption Association Technology new risks and opportunities for the Insurance industry

London Business Interruption Association Technology new risks and opportunities for the Insurance industry London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Exploring the Latest Cyber Risk Trends in EMEA

Exploring the Latest Cyber Risk Trends in EMEA Aon Risk Solutions Aon Centre for Innovation and Analytics Exploring the Latest Cyber Risk Trends in EMEA Aon Cyber Risk Diagnostic Tool, September 2014 Risk. Reinsurance. Human Resources. Table of Contents

More information

Symantec Control Compliance Suite. Overview

Symantec Control Compliance Suite. Overview Symantec Control Compliance Suite Overview Addressing IT Risk and Compliance Challenges Only 1 in 8 best performing organizations feel their Information Security teams can effectively influence business

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

Title here. Successful Business Model Transformation. in the Financial Services Industry. KPMG s Evolving World of Risk Management SECTORS AND THEMES

Title here. Successful Business Model Transformation. in the Financial Services Industry. KPMG s Evolving World of Risk Management SECTORS AND THEMES SECTORS AND THEMES Successful Business Model Transformation Title here in the Financial Services Industry Additional information in Univers 45 Light 12pt on 16pt leading KPMG s Evolving World of Risk Management

More information

Leveraging a Maturity Model to Achieve Proactive Compliance

Leveraging a Maturity Model to Achieve Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................

More information

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:

More information

Configuration Management System:

Configuration Management System: True Knowledge of IT infrastructure Part of the SunView Software White Paper Series: Service Catalog Service Desk Change Management Configuration Management 1 Contents Executive Summary... 1 Challenges

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

At Risk. In this Issue: Avoiding a world of hurt: Knowing your counterparties before you engage. Volume 8, No. 1. kpmg.ca/atrisk.

At Risk. In this Issue: Avoiding a world of hurt: Knowing your counterparties before you engage. Volume 8, No. 1. kpmg.ca/atrisk. At Volume 8, No. 1 In this Issue: Avoiding a world of hurt: Knowing your counterparties before you engage Regulatory Threats Operations Emerging Markets Management Canadian Organizations Supply Chains

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

Institute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander

Institute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander Institute of Internal Auditors Cyber Security Birmingham Event 15 th May 2014 Jason Alexander Introduction Boards growing concern with Cyber Risk Cyber risk is not new, but incidents have increased in

More information

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA White Paper Achieving HIPAA Compliance through Security Information Management White Paper / HIPAA Contents Executive Summary... 1 Introduction: Brief Overview of HIPAA... 1 The HIPAA Challenge: Protecting

More information

Stakeholder management and. communication PROJECT ADVISORY. Leadership Series 3

Stakeholder management and. communication PROJECT ADVISORY. Leadership Series 3 /01 PROJECT ADVISORY Stakeholder management and communication Leadership Series 3 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital programmes,

More information

IT Insights. Managing Third Party Technology Risk

IT Insights. Managing Third Party Technology Risk IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate

More information

A global infrastructure to safeguard your business_

A global infrastructure to safeguard your business_ Global Security Services A global infrastructure to safeguard your business_ Global Solutions More than just peace of mind: increase confidence and reduce risk across your entire organisation_ How do you

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

Achieving Regulatory Compliance through Security Information Management

Achieving Regulatory Compliance through Security Information Management www.netforensics.com NETFORENSICS WHITE PAPER Achieving Regulatory Compliance through Security Information Management Contents Executive Summary The Compliance Challenge Common Requirements of Regulations

More information

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

Enterprise Security Governance, Risk and Compliance System. Category: Enterprise IT Management Initiatives. Initiation date: June 15, 2013

Enterprise Security Governance, Risk and Compliance System. Category: Enterprise IT Management Initiatives. Initiation date: June 15, 2013 Enterprise Security Governance, Risk and Compliance System Category: Enterprise IT Management Initiatives Initiation date: June 15, 2013 Completion date: November 15, 2013 Nomination submitted by: Samuel

More information

Cyber Security and the Impact on Banks in China

Cyber Security and the Impact on Banks in China Cyber Security and the Impact on Banks in China Regulatory Policy Development and Updates March 015 kpmg.com/cn Executive Summary The China Banking Regulatory Commission (CBRC) issued two circulars (Circulars

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

IBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security

IBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security IBM Internet Security Systems October 2007 FISMA Compliance A Holistic Approach to FISMA and Information Security Page 1 Contents 1 Executive Summary 1 FISMA Overview 3 Agency Challenges 4 The IBM ISS

More information

REPORT. Next steps in cyber security

REPORT. Next steps in cyber security REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15

More information

Cyber security: Are consumer companies up to the challenge?

Cyber security: Are consumer companies up to the challenge? Cyber security: Are consumer companies up to the challenge? 1 Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com 1 Cyber security: Are consumer companies

More information

Understanding and articulating risk appetite

Understanding and articulating risk appetite Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,

More information

The digital future for insurance.

The digital future for insurance. Digital transformation can help you tame the perfect storm. The digital future for insurance. Following the 2008 financial crisis, the insurance sector has faced tighter regulation, which has made it harder

More information

Vital Risk Insights kpmg.com

Vital Risk Insights kpmg.com Vital Risk Insights kpmg.com KPMG INTERNATIONAL business Using intelligence software to monitor indicators of governance, risk and compliance Success in today s global marketplace demands that leading

More information

Social media governance Harnessing your social media opportunity

Social media governance Harnessing your social media opportunity www.pwc.co.uk/riskassurance Social media governance Harnessing your social media opportunity June 2014 Social media allows organisations to engage with people directly, express their corporate personality

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

Cyber Risks and Insurance Solutions Malaysia, November 2013

Cyber Risks and Insurance Solutions Malaysia, November 2013 Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare

More information

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Supporting information technology risk management

Supporting information technology risk management IBM Global Technology Services Thought Leadership White Paper October 2011 Supporting information technology risk management It takes an entire organization 2 Supporting information technology risk management

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business

More information

Cyber security: it s not just about technology

Cyber security: it s not just about technology Cyber security: it s not just about technology The five most common mistakes kpmg.com b Cyber security: it s not just about technology Contents Preface 1 01 Understanding the cyber risk 3 02 The five most

More information

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Information Technology Risk Management

Information Technology Risk Management Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT

More information

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK Executive Summary Core statements I. Cyber security is now too hard for enterprises The threat is increasing

More information

Information Enabled Banking

Information Enabled Banking Information Enabled Banking Information Management Survey - South based private sector banks kpmg.com/in Foreword KPMG India s Information Enabled Banking Survey (IEB) was conducted amongst select 10 banks.

More information

Reducing Cost and Risk Through Software Asset Management

Reducing Cost and Risk Through Software Asset Management RESEARCH SUMMARY NOVEMBER 2013 Reducing Cost and Risk Through Software Asset Management A survey conducted by CA Technologies among delegate attendees at the 2013 Gartner IT Financial, Procurement & Asset

More information

White paper September 2009. Realizing business value with mainframe security management

White paper September 2009. Realizing business value with mainframe security management White paper September 2009 Realizing business value with mainframe security management Page 2 Contents 2 Executive summary 2 Meeting today s security challenges 3 Addressing risks in the mainframe environment

More information

The five most common cyber security mistakes

The five most common cyber security mistakes The five most common cyber security mistakes Management s perspective on cyber security ADVISORY kpmg.nl 2 The Continuous five most auditing common and cyber continuous security monitoring: mistakes The

More information

Cybersecurity Strategic Consulting

Cybersecurity Strategic Consulting Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with

More information

Information Security Program CHARTER

Information Security Program CHARTER State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information

More information

SUSTAINING COMPETITIVE DIFFERENTIATION

SUSTAINING COMPETITIVE DIFFERENTIATION SUSTAINING COMPETITIVE DIFFERENTIATION Maintaining a competitive edge in customer experience requires proactive vigilance and the ability to take quick, effective, and unified action E M C P e r s pec

More information

The economics of IT risk and reputation

The economics of IT risk and reputation Global Technology Services Research Report Risk Management The economics of IT risk and reputation What business continuity and IT security really mean to your organization Findings from the IBM Global

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER As a board-level discussion topic at all financial institutions (FI) today, operational risk is real and public disclosure of significant

More information

Applying ITIL v3 Best Practices

Applying ITIL v3 Best Practices white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version

More information

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data

More information

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst

Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: What do large enterprises need in order to address increasingly

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Service Management. A framework for providing worlds class IT services

Service Management. A framework for providing worlds class IT services Service Management A framework for providing worlds class IT services Barry Corless MISM Slide - 1 Copyright Remarc Technologies Ltd, 2007 These course notes were produced by Remarc Service Management,

More information

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information