OCIE Technology Controls Program Cybersecurity Update
Chris Hetner
Cybersecurity Lead, OCIE/TCP

Introduction (Role, Disclaimer, Background and Speech Topics)
SEC Cybersecurity Program Overview
Threat Actors
Attacks that Impact the Markets
Cybersecurity Industry Trends
Exam Insights
Industry Considerations and Best Practices

Chris Hetner with the SEC - the Cybersecurity Lead of the Technology Controls Program in OCIE
The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author's colleagues upon the staff of the Commission.
20 years cybersecurity experience building and leading global EY (Practice Lead), GE Capital (CISO), and Citi (Programs and Ops)
Topics to be covered
  Cybersecurity program overview
  Summary of key attacks, risks and trends impacting the market
  Best practices to minimize risk of cybersecurity

Vision for the cybersecurity program is to shift the threat actors' attention and efforts away from the securities market by making the securities market an uninviting and hardened-security target.
The goal is to establish a cybersecurity framework across the market, inform policy within the SEC and achieve a level of consistency by driving education, awareness and outreach.
Newly created cybersecurity lead role is focused on providing leadership and support for cybersecurity matters across the national examination program within the SEC, particularly in the Technology Controls Program.

Threat Actors | Attributes
Nation States
  National governments seek to sabotage deals
  Protect and enhance the interest of local companies and industry
  Prevalent in deals involving assets or industries to be of strategic importance.
Organized Crime
  See cyber-crime as a low risk/high return activity
  Profit driven entities
  Crime-as-a-Service emerging as a capability
Hacktivism
  Politically motivated attacks
  Represent one of the most influential and powerful in cyberspace
  Launch attacks in retaliation to perceived injustices
Insider Threat
  Insiders with trusted and privileged access
  Act with a lack of care whose errors increase compromise
  Applies to contractors and employees
Attack methods are similar. Motivation, Sophistication and Impact vary.

Attack Method | Impact of Attack
Social Engineering | Social engineering attacks on wealth advisers and brokers in which the client is spoofed and the adviser/broker is tricked into sending funds belonging to the client.
Ransomware | Crypto Locker, which is a form of ransomware that encrypts files and programs across a suite of computers, therefore disabling trade operations.
Stock Market Manipulation | Stock market manipulation is a growth area for criminals who hack into companies looking for information (new products or merger plans) that could affect a company's stock price, and then use this information to profit from trading.
Destructive Malware | Destructive malware such as Wiper and Shamoon can permanently destroy data (books and records) that supports a broker-dealer, therefore severely impacting a firm's ability to continue operating.

Trend | Description
Specific Purpose Malware | Customizes attacks for the purpose of stealing specific information or manipulating business processes. Common targets: investment strategies, intellectual property, account numbers, SSNs, executing wire transfers.
Spear Phishing | Appears to be legitimate; customized to target high-profile individuals and individuals with privileged access to systems and data. Information about the target is garnered using various sources (i.e. Facebook, LinkedIn, associations).
Account Takeovers | Exploit a customer's account and, in many instances, gain seemingly legitimate access to another customer's account.
Impact of an Attack | Once a firm experiences a cyber attack and suffers a loss, it can take up to several months to remediate. In many cases real harm does not come from the cyber-attack itself. Rather, it comes from the downstream effect of having to inform the customers/investors, i.e. the reputational damage is potentially irreversible, and more so when confidential information/data now resides beyond the control of the organization!

Firms were generally very responsive
Vast majority of firms have implemented some form of information security policy
87%/majority of the examined firms reported that they have been the subject of a cyber-related incident
Around half of the firms require an audit of vendors who have access to their network
The designation of a CISO varied by firm's business model. Majority of BD firms designate a CISO while advisors direct their CTO to take on responsibility
Over half of the firms received fraudulent e-mails, purportedly from customers, seeking to direct transfers of customer funds or securities

I believe an important goal for the industry is to identify and prioritize cyber risk mitigation tactics.
Cybersecurity must be engrained into the firm's culture.
Cybersecurity is more than a technology risk; it is a business risk and it must permeate the enterprise risk management process.
Industry must take it upon itself to make the right investments that address cybersecurity risk.

Governance and Risk Management Risk Management Integration Governance and Board/C level Policy, Strategic Planning and Organization Management Program Management and Workforce Planning Operational Capabilities Identity, Access and Data Protection Controls Cyber Intelligence and Incident Response Cyber Threat Monitoring and Vulnerability Management Third Party Risk Management Business Integration IT Asset Management and Data Classification Security Architecture Legal and Compliance Management Training and Awareness
Azam A. Riaz, CAIA, CRCP, CFE
June 18, 2015

The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author's colleagues upon the staff of the Commission.
To assess cybersecurity preparedness in the securities industry and to obtain information about the industry's recent experiences with certain types of cyber threats
The entity's cybersecurity governance,
Identification and assessment of cybersecurity risks,
Protection of networks and information,
Risks associated with remote customer access and funds transfer requests,
Risks associated with vendors and other third parties,
Detection of unauthorized activity, and
Experiences with certain cybersecurity threats.

57 Broker-dealers
49 Investment Advisers

[Chart: By Number of Registered Representatives (RR)]
[Chart: Category (Clearing; Institutional; Online Services; Retail Brokerage; Foreign-Affiliated; Insurance Co. Affiliated; Proprietary or Direct Market Access; Small Diversified; US Bank Affiliated)]
[Chart: By Assets Under Management]
By Custody: 33% Have Custody; 67% Do Not Have Custody
Business and operations;
Detection and impact of cyber-attacks;
Preparedness for cyber-attacks;
Training and policies relevant to cybersecurity; and
Protocol for reporting cyber breaches.

CYBERSECURITY INITIATIVE
Objective | Broker-Dealers | Investment Advisers
Adopted written information security policies | 93% | 83%
Policies address impact of cyber-attacks or intrusions | 82% | 51%
Policies address responsibility for client losses in cyber incidents | 30% | 13%
Security guarantees to protect clients against cyber-related losses | 15% | 9%
Use external standards and other resources to model information security architecture and processes | 88% | 53%

Objective | Broker-Dealers | Investment Advisers
Conduct periodic risk assessments on a firm-wide basis to identify threats, vulnerabilities, and potential business consequences | 93% | 79%
Require cybersecurity risk assessments of vendors with access to firms' networks | 84% | 32%

Objective | Broker-Dealer | Investment Adviser
Most examined firms reported being subject of a cyber-related incident | 88% | 74%
Received fraudulent e-mails related to transfer of client funds | 54% | 43%
Losses exceeding $5,000 | 26% due to fraudulent e-mails | 1 adviser (see next row)
Losses exceeding $75,000 | No broker-dealers had losses over $75,000 | One adviser had losses exceeding $75,000
Employees did not follow identity authentication procedures | Yes for 25% of broker-dealers that had losses due to fraudulent e-mails | Yes for the one adviser that had losses exceeding $75,000
Reported to FinCEN | 65% | 1 adviser (aforementioned) reported to FinCEN
Reported to another Regulator or Law Enforcement | 7% | Advisers generally did not report incidents to a regulator or law enforcement.

Almost half of the broker-dealers (47%) were members of industry groups, associations, or organizations (both formal and informal) that exist for the purpose of sharing information regarding cybersecurity attacks and identifying effective controls to mitigate harm. Many of the broker-dealers identified the Financial Services Information Sharing and Analysis Center ("FS-ISAC") as adding significant value in this effort. While a few of the advisers also identified FS-ISAC as a resource, advisers more frequently relied on discussions with industry peers, attendance at conferences, and independent research to identify cybersecurity practices relevant to their business and learn about latest guidance from regulators, government agencies, and industry groups.
Objective | Broker-Dealers | Investment Advisers
Physical devices and systems | 96% | 92%
Software platforms and applications | 91% | 92%
Network resources, connections and data flows | 97% | 81%
Connections to firm networks from external resources | 91% | 74%
Hardware, data and software | 93% | 60%
Logging capabilities and practices | 95% | 68%

Objective | Broker-Dealers | Investment Advisers
Incorporate requirements related to cybersecurity risk in contracts | 72% | 24%
Policies and procedures related to security training for vendors and business partners authorized to access their networks | 51% | 13%

Objective | Broker-Dealers | Investment Advisers
Use of encryption | 98% | 91%
Provide clients steps that can be taken to reduce cybersecurity risks when conducting business with the firm on website or | 65% | 75% of the 26% of advisers that primarily advise retail clients and permit those clients to access their account information online
Designation of Chief Information Security Officer (CISO) | 68% | 30% CISO; mostly taken up by CTO, CCO, CEO, COO
Cybersecurity Insurance | 58% (1 filed claim) | 21% (1 filed claim)

The staff is still reviewing the information to discern correlations between the examined firms' preparedness and controls and their size, complexity, or other characteristics. As noted in OCIE's 2015 priorities, OCIE will continue to focus on cybersecurity using risk-based examinations.
Registered advisers must comply with the Identity Theft Red Flags Rule. The final rule release states that even advisers who do not accept physical custody of their clients' accounts may be subject to the new rule if they can direct transfers or payments to third parties from a client's account or if they act as agents on behalf of individual clients. So if an adviser facilitates or directs bill payments for its clients or otherwise acts as their agent for financial purposes, the rule will likely apply.
Advisers falling within the rule must establish an identity theft program. The program must:
Be in writing.
Be approved by the board, an appropriate board committee, or senior management if the adviser has no board.
Provide on-going oversight of the program by Board of Directors, an appropriate committee thereof or a designated senior management employee. Annual report suggested.
Establish policies and procedures.
  o To identify any identity theft red flags.
  o To detect red flags.
  o To respond to red flags in a way to prevent and mitigate identity theft.
  o To update the program periodically to reflect changes in risk.

Guidelines in the appendix of the final rule include a number of examples of red flags, such as inconsistencies in personal identifying information, incomplete account opening information and changes in account usage.
Provide training for employees.
Provide oversight of service providers if the adviser has outsourced compliance. Adviser is ultimately responsible for compliance.
Consider Guidelines for the program offered in appendix to the rule.

Adviser maintained signed Letters of Authorization ("LOA")
One client's account was hacked requesting wire transfers to a foreign account
The third-party fraud was not discovered until three separate wires totaling $290,000 had been sent to the foreign bank.
Adviser censured and fined a civil penalty of $250,000

Azam A. Riaz
Staff Accountant
US Securities & Exchange Commission
Brookfield Place, 200 Vesey Street, Suite 400
New York, NY
(212)