Amid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry


IT leaders are battening down the hatches, according to Protiviti's latest IT Priorities Survey

What a difference a year makes. Although the financial services industry continues to focus on transforming their operations for the mobile era, with over 63 percent of companies undergoing a major IT transformation, the alarming rise in malicious IT attacks has redoubled their focus on cybersecurity, according to the results of Protiviti's 2015 IT Priorities Survey.

And for good reason. Sensitive financial information is among the most valuable and abundant data there is, which explains why crafty, cunning and dangerous cyber predators worldwide are constantly threatening security vulnerabilities at both financial institutions and other points of financial interaction, such as payment transactions.

"The very technologies that empower us to do great good can also be used to undermine us and inflict great harm," U.S. President Barack Obama recently remarked. "The problem of how we secure this digital world is only going to increase."

More than 1,000 respondents in our survey, primarily CIOs and IT directors, share this outlook and are consequently dedicating more IT hours, resources and mindshare to defending against cyber predator attacks this year. Areas of focus include virus/malware threat detection and eradication, security event monitoring, and incident response, containment, and recovery.

Of course, this is nothing new: Security has always been a concern. But the priority placed on security and privacy capabilities this year has intensified dramatically compared to our 2014 study. In other words, security and privacy are no longer just significant priorities for financial services firms; they're the concern this year.
This finding mirrors key results of our recent Executive Perspectives on Top Risks for 2015 study, in which board members and C-suite executives identified cybersecurity as one of the top risks their organizations must address.

In addition to beefed up security, the financial services industry IT leaders we surveyed cited an increased and competing number of IT priorities they are juggling, including regulatory and compliance issues, big data planning, and standards and framework governance.

Another notable area of focus is enterprise architecture, which is of particular importance because it underpins many of the top concerns and acts as the blueprint for everything financial IT hopes to accomplish. In other words, it's tantamount to the architectural engineering of a bridge or building. If the design is wrong or flawed, you will likely pay for it ten times over in the end.

For more information about Protiviti's 2015 IT Priorities Survey, visit

Survey Methodology

Overall, more than 1,000 respondents (n = 1,073), including CIOs, IT vice presidents and IT directors, participated in Protiviti's 2015 IT Priorities Survey, with 14 percent of our respondents representing the financial services industry. We are grateful for the time invested in our study by these individuals.

Participants answered more than 100 questions in different IT categories, including:

- Technical Knowledge
- Managing Security and Privacy
- Defining IT Governance and Strategy
- Management and Use of Data Assets
- Managing Application Development
- Deploying and Maintaining Solutions
- Organizational Capabilities

For each of these categories, respondents were asked to rate, on a scale of 1 to 10, the level of priority for them and their organizations to improve in different issues and capabilities. A 10 rating indicates the issue is a high priority while a 1 indicates the issue is a low priority. Our survey also includes special sections addressing IT transformation as well as IT knowledge within the financial services industry.

Specific Areas of IT Knowledge in Financial Services

The most significant IT priorities for financial services organizations are understandable given their key business areas of focus: they include regulation/compliance, customer relationship management, data warehousing, and core processing and accounting. Nearly one-third of financial services organizations are considering whether to replace their core accounting/processing systems; risk mitigation is the primary catalyst for such a change, while vendor solutions represent the biggest hurdle. Surprisingly, less than half of financial services companies are investing in payments innovation; many of these organizations are focusing specifically on security and privacy, Apple Pay and digitization of paper payments.

Core Processing and/or Accounting Systems

Nearly one in three financial services organizations (31 percent) are considering a renewal or replacement of their core processing/accounting systems. Among those organizations considering a change, 64 percent cite risk mitigation (aging technology and/or workforce) as the primary catalyst, followed by cost savings (20 percent) and improved ability to innovate (15 percent). Vendor product deficiencies represent the greatest barrier to change, followed by the disruption to other priorities, cost and implementation risk.
Payments Innovation

Four out of 10 financial services organizations (40 percent) are investing in payments innovation. Among these organizations, specific areas in which they are investing include:

- Security and privacy (58 percent)
- Apple Pay (40 percent)
- Digitization of paper payments (34 percent)
- Commercial payments (28 percent)

The most significant barriers to changes in payments innovation include security and privacy (64 percent), regulation/compliance (52 percent), and integration with existing payment infrastructure (39 percent).

Top IT Priorities in Financial Services

- Regulation/compliance
- Customer relationship management
- Data warehousing
- Core processing/accounting
- Back office operations
- Digital channels
- Payments
- Loan origination/underwriting
- Physical channels (including branches, offices and call centers)

Technical Knowledge

There is a much greater focus this year on big data, data governance, mobile and data architecture. The adoption of industry frameworks, including the likes of ISO, COBIT, ITIL, CISSA, CISSP/CISM, NIST and OWASP, rated more highly than in other industries. Interestingly, there appears to be less of a focus on cloud-related issues, perhaps reflecting caution over security and privacy concerns, regulatory pressures, and challenges related to migrating complex legacy infrastructure to newer technology platforms.

Top 10 Priorities (including ties)

Data breach and privacy laws (various U.S. states) Data governance Virtualization 7.3 Data breach and privacy laws (various U.S. states) NIST (cybersecurity) 7.4 Enterprise architecture 6.9 Data architecture 7.3 IT project management 6.9 Enterprise architecture 7.3 Data governance 6.8 IT project management 7.2 Data architecture 6.8 Virtualization 7.2 Cloud computing 6.8 Business process automation 7.0 Cloud storage of data 6.7 ITIL 6.9 IT program management 6.7 CISSP/CISM 6.9 NIST (cybersecurity) PCI DSS 6.9 IT program management 6.9 ERP systems 6.6

Technical Knowledge (cont.)

Bottom 10 Priorities (including ties)

Social media integration 5.8 CGEIT 5.4 HITRUST CSF 5.8 CISSA 5.5 European Union Data Directive 6.1 HITRUST CSF 5.6 Social media security 6.1 ISO CGEIT 6.1 European Union Data Directive 5.6 Social media policy 6.1 COBIT 5.7 Cloud storage of data Social media integration 5.8 ERP systems Social media security 5.9 ISO Cloud computing 6.4 Data discovery/e-discovery 6.4 CISSA 6.4 CISSP/CISM 5.9 Mobile commerce policy 5.9

Managing Security and Privacy

There is a much higher focus on security and privacy issues overall, including both proactive (advanced threat detection and eradication) and reactive (incident response) concerns. Third-party vendor management also represents a key area of focus for financial services organizations, as vendors have proven to be the entry point for many recent cyberattacks.

Top 5 Priorities (including ties)

Incident response success (containment, recovery) Virus/malware advanced threat detection/eradication 7.8 Penetration testing (internal/external) 7.8 Vulnerability scanning 7.8 Virus/malware advanced threat detection/eradication Monitoring security events 7.0 Incident response success (containment, recovery) Incident response policy and preparedness Incident response reaction time 6.8 Incident response reaction time 7.7 Vulnerability scanning 6.8 Patch management 6.8

Bottom 5 Priorities (including ties)

California Security Breach Information Act (SB 1386) U.S. Health Insurance Portability and Accountability Act (HIPAA) 6.5 Managing IT users 6.9 California Security Breach Information Act (SB 1386) U.S. Gramm-Leach Bliley Act (GLBA) 5.9 Clarity about third-party compliance readiness (partners, vendors) Managing contractors 6.9 Managing and classifying enterprise data 6.3 Managing third-party vendors 6.9 Managing contractors 6.4 Managing third-party vendors 6.4

Defining IT Governance and Strategy

There is a significantly higher focus this year on overall governance, in addition to regulatory compliance, IT risk, and operations and policy management.

Top 5 Priorities (including ties)

Monitoring and achieving legal/regulatory compliance 7.5 Monitoring IT costs and benefits 6.8 IT risk analysis and reporting 7.3 Integration/alignment of IT planning and business strategy 7.2 Integration/alignment of IT planning and business strategy Monitoring and achieving legal/regulatory compliance Developing and maintaining operations management policies and standards 7.2 Managing project quality 7.1 IT risk analysis and reporting 6.5 Monitoring IT costs and benefits 7.1 Managing and monitoring policy exceptions 7.1 Managing project quality 6.5

Bottom 5 Priorities (including ties)

Defining IT roles and responsibilities 6.8 Defining organizational placement of the IT function Portfolio management - Long-term and short-term planning Reporting IT activities and performance 6.8 Developing and maintaining end user support policies and standards 6.9 Defining organizational placement of the IT function Negotiating, managing and monitoring customer service-level agreements (SLAs) Negotiating, managing and monitoring information quality Portfolio management Long-term and short-term planning Managing and monitoring policy exceptions 6.0 Negotiating, managing and monitoring information quality Defining metrics and measurements for monitoring IT performance Defining metrics and measurements for monitoring IT performance

Management and Use of Data Assets

We see substantially greater concerns in financial services organizations with regard to end user tools, management assets and big data.

Top 5 Priorities (including ties)

Business intelligence and reporting tools 6.9 Business intelligence and reporting tools 6.5 Data analytics platforms and support 6.8 Data analytics platforms and support 6.3 Data and information governance program 6.7 Short- and long-term enterprise information management strategy Short- and long-term enterprise information management strategy 6.7 Data and information governance program Master data management 6.7 End user adoption of data tools 6.7 Master data management

Managing Application Development

Financial services organizations expressed greater concerns over enterprise architecture and app integration (for example, SOA, API, OOP). There also is more focus in the industry on agile and rapid application development (RAD, Scrum, Spiral iterative development, etc.), security and privacy, and risk management. We see this as a reflection of the industry's push to digital offerings and the need to innovate in the face of rising competition and risk of disintermediation.

Top 5 Priorities

Risk management 7.1 Risk management 6.3 Secure development/code review 6.8 Project monitoring and control 6.3 Service-oriented architecture (SOA) 6.7 Rapid application development framework Requirements management 6.7 Collaboration platforms (for example, SharePoint) 6.7 ERP application security ERP system bolt-on applications (BI, CRM, etc.) 6.1

Bottom 5 Priorities (including ties)

ERP system implementation 6.1 Spiral iterative framework 5.5 Spreadsheet risk 6.1 Spreadsheet risk 5.6 ERP system selection 6.1 Spiral iterative framework 6.1 ERP application security 6.1 Causal analysis and resolution 5.6 Open application programming interface (API) 5.7 Object-oriented programming 5.7 Rapid application development framework 5.7 Service-oriented architecture (SOA) 5.7 ERP system selection 5.7

Deploying and Maintaining Solutions

Financial services organizations are focusing more on developing innovation. They also have greater concerns over testing and change management.

Top 5 Priorities

Managing changes applications developed in-house 7.0 | Managing changes applications developed in-house 6.3
Developing applications 7.0 | Integrating applications 6.3
Integrating applications 6.7 | Managing changes third-party applications 6.1
Managing and testing security in SDLC 6.7 | Developing applications 6.1
Managing changes third-party applications 6.6 | Managing and testing security in SDLC 6.0

Organizational Capabilities

Not surprisingly, financial services organizations view working effectively with regulators to be a much higher priority compared to companies in other industries, given the significant regulatory scrutiny in the industry.

Top 5 Priorities (including ties)

Working effectively with regulators 6.8 Working effectively with C-level/senior executives Leadership (within your organization) 6.5 Working effectively with C-level/senior executives 6.5 Leadership (within your organization) Working effectively with business-unit executives Recruiting IT talent 6.4 Recruiting IT talent 6.1 Working effectively with regulators 5.9 Working effectively with business-unit executives 6.4 Leadership (in outside organizations, groups, etc.) 5.9 Working effectively with outside parties 5.9

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000 and 35 percent of Fortune Global 500 companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.

Named one of the 2015 Fortune 100 Best Companies to Work For, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Contacts

Cory Gunderson, Managing Director, Global Leader Financial Services Industry practice
Ed Page, Managing Director, Leader U.S. Financial Services IT Consulting practice

Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.


IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Information Security Policy and Handbook Overview. ITSS Information Security June 2015 Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Improving RoI by Using an SDL

Improving RoI by Using an SDL Improving RoI by Using an SDL This paper discusses how you can improve return on investment (RoI) by implementing a secure development lifecycle (SDL). It starts with a brief introduction to SDLs then

More information

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

Customer Data and Reputational Risk in the Pharmaceutical Industry

Customer Data and Reputational Risk in the Pharmaceutical Industry 1 Customer Data and Reputational Risk in the Pharmaceutical Industry Sensitive Data: A Chain of Trust Organizations of all types, from banks to government agencies to healthcare providers, are taking steps

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009

Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009 Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009 JASON C. RICHARDS CHIEF INFORMATION SECURITY OFFICER VIRGINIA COMMUNITY COLLEGE SYSTEM

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

A Secure System Development Framework for SaaS Applications in Cloud Computing

A Secure System Development Framework for SaaS Applications in Cloud Computing A Secure System Development Framework for SaaS Applications in Cloud Computing Eren TATAR, Emrah TOMUR AbstractThe adoption of cloud computing is ever increasing through its economical and operational

More information

Innovation through Outsourcing

Innovation through Outsourcing Innovation through Outsourcing Timothy Gehrig timothy.gehrig@cedarcrestone.com David Moore david.moore@cedarcrestone.com Agenda Expectations CedarCrestone Introduction Market Direction Outsourcing Solutions

More information

RISK MANAGEMENT PROGRAM THAT WORKS FOUR KEYS TO CREATING A VENDOR. HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655

RISK MANAGEMENT PROGRAM THAT WORKS FOUR KEYS TO CREATING A VENDOR. HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 FOUR KEYS TO CREATING A VENDOR RISK MANAGEMENT PROGRAM THAT WORKS HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 FOUR KEYS TO CREATING A VENDOR RISK MANAGEMENT PROGRAM THAT WORKS

More information

High-Value Targets Retailers Under Fire

High-Value Targets Retailers Under Fire High-Value Targets Retailers Under Fire Issue Like all organizations in the distributed industry sector, retail businesses are challenged with the objective of maintaining financial health and growing

More information

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software Accelerating Software Security With HP Rob Roy Federal CTO HP Software If we were in a cyberwar today, the United States would lose. Mike McConnell Former DNI, NSA. Head of Booz Allen Hamilton National

More information

Microsoft Windows 7 and Office. Key Initiative Overview

Microsoft Windows 7 and Office. Key Initiative Overview Michael Silver Research Vice President and Distinguished Analyst IT leaders have questions and concerns about issues associated with Microsoft Windows 7 and Office 2010 migrations. This overview points

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Implement a unified approach to service quality management.

Implement a unified approach to service quality management. Service quality management solutions To support your business objectives Implement a unified approach to service quality management. Highlights Deliver high-quality software applications that meet functional

More information

Cyber Security: Confronting the Threat

Cyber Security: Confronting the Threat 09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%

More information

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust

More information

Steps to Successful Adoption of Cloud Services. The Smarter Everyday project is owned and operated by CTE Solutions Inc.

Steps to Successful Adoption of Cloud Services. The Smarter Everyday project is owned and operated by CTE Solutions Inc. Steps to Successful Adoption of Cloud Services The Smarter Everyday project is owned and operated by CTE Solutions Inc. Steps to Successful Adoption Steps to Adopting Cloud Services Organizational Capability

More information

Accenture Human Capital Management Solutions. Transforming people and process to achieve high performance

Accenture Human Capital Management Solutions. Transforming people and process to achieve high performance Accenture Human Capital Management Solutions Transforming people and process to achieve high performance The sophistication of our products and services requires the expertise of a special and talented

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES

CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES How can you better prepare and respond to cyber risks? ACE developed Loss Mitigation Services to help policyholders understand and gauge various areas

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Overview In late 2006 and 2007, Protiviti commissioned a study to gauge the fraud risk management (FRM)

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT) INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

Cloud Infrastructure Security Management

Cloud Infrastructure Security Management www.netconsulting.co.uk Cloud Infrastructure Security Management Visualise your cloud network, identify security gaps and reduce the risks of cyber attacks. Being able to see, understand and control your

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

CompTIA Cloud Essentials Certification Exam Objectives (CLO-001)

CompTIA Cloud Essentials Certification Exam Objectives (CLO-001) CompTIA Cloud Essentials Certification Exam Objectives (CLO-001) INTRODUCTION The CompTIA Cloud Essentials Certification Exam is a vendor-neutral technical qualification. The Cloud Essentials exam is relevant

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Your world runs on applications. Secure them with Veracode.

Your world runs on applications. Secure them with Veracode. Application Risk Management Solutions Your world runs on applications. Secure them with Veracode. Software Security Simplified Application security risk is inherent in every organization that relies on

More information

Transforming Business Processes with Agile Integrated Platforms

Transforming Business Processes with Agile Integrated Platforms Transforming Business Processes with Agile Integrated Platforms SPRING 2015 Sponsored by SAP Technology Business Research, Inc. Technology changes, but the needs of business do not. Integration is essential

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information