Crisis Management. IT Governance Summit 2015 Golden Tulip-Kumasi October 2015

Size: px
Start display at page:

Download "Crisis Management. IT Governance Summit 2015 Golden Tulip-Kumasi 08-09 October 2015"

Transcription

1 Crisis Management IT Governance Summit 2015 Golden Tulip-Kumasi October 2015 Daniel Gyampo (EMBA,CRISC,CISA, CGEIT pass) Group Manager, Information Systems Audit, Ecobank

2 Contents Disaster / Crisis / Shell-shock situation The Challenge Scenarios of emergencies Building a risk register Discussion Risk Identification International National and Internal Challenges Principles of Catastrophic Risk Management Crisis Scenarios

3 Disaster

4 Crisis Ministry of Justice and Attorney General website hacked Nov 27, 2012 This is a warning. If you refuse to release our Libertad Frigate in three days, we will unleash hell on you. We will attack all your government websites, all your banks, your stock exchange, all your gold and oil companies, your energy and water companies, we will publish on internet all your personal banking records, the ones in your country and the ones abroad, and more!

5 Shell-shock situation $45 Million ATM Heist According to the U.S. Attorney's office, the actual ATM heists took place on Dec. 22, 2012 and on Feb of this year. In December, using accounts stolen from Rakbank, the scammers made 4,500 ATM transactions in 20 countries, stealing $5 million. In New York alone, they made 750 fraudulent transactions and stole $400,000 from 140 ATMs in just under three hours. The February heist was the big one, though. Using card data from the Bank of Muscat, cells in 24 countries made 36,000 transactions over 10 hours, stealing $40 million. In New York, they got $2.4 million from 3,000 ATMs in the city.

6 The Challenge Scenarios of Government and Company Emergencies Can auditors add value to government and corporate responses? Have risk registers been documented? Have supply chains been audited and stress tested? Have institutions built upon existing strengths in governance and resilience? Are government and companies prepared for media releases?

7 Discussion Risks Identification Climate change Economic Instability Terrorism and Instability Cyber Crime and Terror Reputation Risk Management and Governance

8 Building a Risk Register 5 top risks for a government/nation in top risks for companies in 2015 Do governments and companies have the same risks?

9 International, National and Internal Challenges Has the company or government identified and protected critical functions in their business? What data is used to track and predict risks? Can the government or company respond in near real-time to make decisions? How does government or company quantify catastrophic risks and prioritize resilience? Quantification of residual risk outcomes despite good resilience?

10 Principles for Catastrophic Risk Management Allocation of responsibility for internal risk management and identification of external and uncontrollable risks Can this be done in a scenario exercise? When does a Government share risk with the private sector? How can internal and external stakeholders work to limit international financial consequences? Can internal and external stakeholders work on reports covering risks with uncertain outcomes?

11 Principles for Catastrophic Risk Management Resilience planning by assessing early warning data, identifying who is skilled in the workforce for resilience work and assessing documentation for resilience achievements? Can a stress test exercise by the auditors identify all stakeholders to be included in resilience planning and the residual risks from top threats?

12 Crisis Scenarios Cocoa Crisis: A new disease affecting cocoa trees wipes out 40% of the trees in 2 months, raising concerns about the government s inability to generate expected revenue, and increased prices on the world commodity markets Electronic Banking Services: The Banks respond to a sudden coordinated cyber attack on mobile phone banking and ATM systems stealing passwords, blocking call access to call centers, and taking down bank websites

13 Crisis Scenarios Electricity Supply Shortage: 60% loss rainfall May-July 2015 results in a sudden and rapid fall in the level of water behind the Akosombo dam, to levels that require a total shutdown of all turbines in the next 7 days. Defacing of Government Websites: The e-governance web interfaces and Government websites are defaced or brought down on Sunday night. The full extent of damage is only realized on Monday morning.

14 Teams Report on 4 Challenge Questions Each team provides a volunteer to report the crisis to the media for 2 minutes Q1: Explain how the company/government has prepared for and manages the crisis Q2: Identify how governance and reputation have been protected by your crisis response Q3: Discuss how your auditing process has prepared you for the crisis

15 Thank You Questions

Managing Cyber Attacks

Managing Cyber Attacks Managing Cyber Attacks Regulators and Industry Participants Discuss Ways to Strengthen Defenses By Joanne Morrison June 25, 2015 Cybersecurity risks and testing are a major concern of regulators and market

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Cyber Security. The changing landscape. Financial Sector. March 4-5, 2014

Cyber Security. The changing landscape. Financial Sector. March 4-5, 2014 Cyber Security Discussioni The changing landscape 2nd Information Security Workshop for Financial Sector March 4-5, 2014 Agenda Agenda How vulnerable is the banking sector Closer look at the security threat

More information

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014 Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to

More information

Attachment G.18. SAPN_PUBLIC_IT Enterprise Information Security Business Case Step Change. 03 July, 2015

Attachment G.18. SAPN_PUBLIC_IT Enterprise Information Security Business Case Step Change. 03 July, 2015 Attachment G.18 SAPN_PUBLIC_IT Enterprise Information Security Business Case Step Change 03 July, 2015 Table of contents 1 Executive summary... 3 2 SA Power Networks Original Proposal... 11 2.1 Summary...

More information

Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities. October 21, 2013

Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities. October 21, 2013 Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities October 21, 2013 Table of contents Background 2 Exercise objectives 3 QD2 cyber-attack scenario 4 QD2 yielded

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

1) Outsourcing ERP systems helps to lower the cost of software ownership and maintenance. Answer: TRUE Diff: 1 Page Ref: 268

1) Outsourcing ERP systems helps to lower the cost of software ownership and maintenance. Answer: TRUE Diff: 1 Page Ref: 268 Enterprise Systems for Management, 2e (Motiwalla/Thompson) Chapter 10 Global, Ethics, and Security Management 1) Outsourcing ERP systems helps to lower the cost of software ownership and maintenance. Diff:

More information

Business Continuity. Introduction. Safer Business - Better Health. Issue date - December 2007

Business Continuity. Introduction. Safer Business - Better Health. Issue date - December 2007 Business Continuity Business Continuity Safer Business - Better Health Issue date - December 2007 Introduction Would your business survive if it was affected by a major incident or circumstances beyond

More information

How to Develop Successful Enterprise Risk and Vendor Management Programs

How to Develop Successful Enterprise Risk and Vendor Management Programs Project Management Institute New York City Chapter January 2014 Chapter Meeting How to Develop Successful Enterprise Risk and Vendor Management Programs Christina S. Kite Senior Vice President Corporate

More information

What legal aspects are needed to address specific ICT related issues?

What legal aspects are needed to address specific ICT related issues? What legal aspects are needed to address specific ICT related issues? Belhassen ZOUARI CEO, National Agency for Computer Security, Tunisia Head of the Tunisian Cert (tuncert), E-mail : b.zouari@ansi.tn

More information

PROTECTING YOUR IDENTITY:

PROTECTING YOUR IDENTITY: PROTECTING YOUR IDENTITY: What to Know, What to Do Britt Short 2013 Raymond James & Associates, Inc., member New York Stock Exchange/SIPC. Raymond James is a registered trademark of Raymond James Financial,

More information

Cyber Security Protecting critical health care information

Cyber Security Protecting critical health care information OnTrend APRIL 2016 ISSUE Cyber Security Protecting critical health care information The trend Cyber Security As health care data security breaches proliferate, putting members data at risk for fraud or

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

Disaster Recovery and the. A Primer to What You Need to Know About Protecting Your Business Data with the Cloud

Disaster Recovery and the. A Primer to What You Need to Know About Protecting Your Business Data with the Cloud Disaster Recovery and the Cloud A Primer to What You Need to Know About Protecting Your Business Data with the Cloud Intro Before we dive in, answer this question first, What would happen to your business

More information

Can We Become Resilient to Cyber Attacks?

Can We Become Resilient to Cyber Attacks? Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

Homeland Security Major

Homeland Security Major Homeland Security Major Zach Wexman, Onye Chi-ukpai, Daniel Rapcsak, John Jackson Prior to the attacks of 9/11, a degree in Homeland Security was non-existent. The U.S. isn t only vulnerable to political

More information

National Cybersecurity Awareness Campaign

National Cybersecurity Awareness Campaign National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing

More information

Business Email Compromise Scam

Business Email Compromise Scam Business Email Compromise Scam The FBI has issued a warning about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives

More information

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies The Essentials of Enterprise Risk Management Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies Introduction How should an organization think about the management

More information

OPERATIONAL CONTINUITY MANAGEMENT

OPERATIONAL CONTINUITY MANAGEMENT VERSION 1.0F 15.5.2009 OPERATIONAL CONTINUITY MANAGEMENT Version: 1.0F Published: 15.5.2009 Contents 1 Introduction... 2 2 Scope... 3 3 Guidelines for operational continuity management... 3 3.1 Leadership...

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

Reputation. Further excellence. business continuity. risk management. Data security

Reputation. Further excellence. business continuity. risk management. Data security Reputation competitive advantage speed to market safety Further excellence trust Data security risk management business continuity HOW CAN YOU CREATE AND SECURE SUSTAINABLE BUSINESS? SOLUTIONS FOR MANAGING

More information

INFOSEC.MY KNOWLEDGE SHARING SESSION

INFOSEC.MY KNOWLEDGE SHARING SESSION INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have

More information

Contingency Planning in ICSA Member Countries

Contingency Planning in ICSA Member Countries Contingency Planning in ICSA Member Countries Australia In an effort to review and upgrade Australia s capacity to deal with threats to critical infrastructure, the government has formed a Trusted Information

More information

Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP

Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA, LLP Created as a collaborative effort between government and industry to ensure every American has the resources they need to stay

More information

DEFENSE SUPPLY CHAIN SECURITY & RISK MANAGEMENT: PRINCIPLES & PRACTICE

DEFENSE SUPPLY CHAIN SECURITY & RISK MANAGEMENT: PRINCIPLES & PRACTICE DEFENSE SUPPLY CHAIN SECURITY & RISK MANAGEMENT: PRINCIPLES & PRACTICE Lisa Harrington President, lharrington group llc Associate Director Supply Chain Management Center Robert H. Smith School of Business

More information

Disaster Recovery Best Practices & Lessons Learned

Disaster Recovery Best Practices & Lessons Learned Disaster Recovery Best Practices & Lessons Learned Paul Sullivan, VP & General Manager Agility Recovery For Audio: (1) Listen through PC speakers, OR (2) Dial 609 318 0024 and use access code 342 984 630

More information

Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03

Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03 Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03 Thank you Members of the Committee. I welcome the opportunity to submit this testimony on how the New

More information

Travel Assistance Program

Travel Assistance Program ACE American Insurance Company (A Stock Company) Philadelphia, PA (Herein called We, Us, Our) ATTENTION In the event of a medical emergency call ACE s Travel Assistance Services immediately 24-Hour Access

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Two Information Security in Universities

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Two Information Security in Universities Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Two Information Security in Universities Agenda Information Security Management in Universities Recent

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

Chapter 3.3: IT and Cloud Computing

Chapter 3.3: IT and Cloud Computing Chapter 3.3: IT and Cloud Computing Darren Brooks, Daniel Roberts, Depeche Eliot 1. Introduction Advances in workplace technology and more specifically information technology have driven significant change

More information

How To Protect Your Business From A Cyber Attack

How To Protect Your Business From A Cyber Attack Intelligence FIRST helping your business make better decisions Cyber security Keeping your business resilient Cyber security is about keeping your business resilient in the modern technological age. It

More information

Exploring the Power of Physical, Logical and Cyber Security Convergence

Exploring the Power of Physical, Logical and Cyber Security Convergence Exploring the Power of Physical, Logical and Cyber Security Convergence Steven York Head of Group Security & Business Resillience, Group Risk Bank of Queensland Physical, Logical and Cyber Security Convergence

More information

Risk management + Strategic planning IT TAKES AN ENTIRE ORGANIZATION

Risk management + Strategic planning IT TAKES AN ENTIRE ORGANIZATION 1 Risk management + Strategic planning IT TAKES AN ENTIRE ORGANIZATION Background 2 Technology has become the central component of business operations Businesses have become more vulnerable to risks associated

More information

The Education Fellowship IT Business Continuity Plan

The Education Fellowship IT Business Continuity Plan The Education Fellowship IT Business Continuity Plan OVERVIEW 1. Definition of IT Business Continuity Management IT Business Continuity Management is defined as a holistic management process that identifies

More information

How To Improve The Shared Services Partnership Business Continuity Plan

How To Improve The Shared Services Partnership Business Continuity Plan Audit and Governance Committee 24 September 2015 Business Continuity Plan For Information Portfolio Holder(s) Environmental Protection & Assets Senior Leadership Team Contact: Strategic Director 1. Purpose

More information

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP) Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

More information

Financial Safety. Protection so you can focus on what matters most

Financial Safety. Protection so you can focus on what matters most Financial Safety Protection so you can focus on what matters most Protect yourself against threats in person and online. Keeping you informed about identity theft, online scams, ATM skimmers and other

More information

Threat and Hazard Identification and Risk Assessment

Threat and Hazard Identification and Risk Assessment Threat and Hazard Identification and Risk Assessment Background/Overview and Process Briefing Homeland Security Preparedness Technical Assistance Program May 2012 PPD-8 Background A linking together of

More information

Top Business Risks 2015

Top Business Risks 2015 Allianz Risk Pulse Allianz Risk Barometer 2015 Appendix Top Business Risks 2015 The fourth annual Allianz Risk Barometer was conducted among both global businesses and risk consultants, underwriters, senior

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

Introducing SimbaTM. The most powerful end-to-end Incident Management software to date SIMBA END-TO-END INCIDENT MANAGEMENT

Introducing SimbaTM. The most powerful end-to-end Incident Management software to date SIMBA END-TO-END INCIDENT MANAGEMENT Introducing SimbaTM The most powerful end-to-end Incident Management software to date SIMBA END-TO-END INCIDENT MANAGEMENT TM Only Simba gives you the firepower you need in a crisis Whether it s workmen

More information

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan? Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

ADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC 2013

ADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC 2013 ADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC 2013 1 CONTENT INTRODUCTION COMESA CYBER SECUIRTY PROGRAMME CYBER SECURITY ECONOMICS WHY PPPs? PPPs ACTORs CHALLENGES

More information

Mary E. Galligan Director Deloitte & Touche LLP August 4, 2015

Mary E. Galligan Director Deloitte & Touche LLP August 4, 2015 A Crisis Response Framework: Strategies for Effective Leadership Mary E. Galligan Director Deloitte & Touche LLP August 4, 2015 Managing a crisis A crisis is a major catastrophic event, or a series of

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Online International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN2249-9598, Volume-III, Issue-IV, July-Aug 2013

Online International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN2249-9598, Volume-III, Issue-IV, July-Aug 2013 Need to understand Cyber Crime s Impact over national Security in India: A case study P.R. Patil and D.V. Bhosale Dept. of Defence & Strategic Studies, Tuljaram Chaturchand College, Baramati, Dist- Pune,

More information

How To Prepare For An Emergency Food Security Crisis

How To Prepare For An Emergency Food Security Crisis Famine Early Warning Systems Network PROJECTED FOOD SECURITY IMPACTS OF EBOLA IN GUINEA, LIBERIA, AND SIERRA LEONE October 8, 2014 Washington, DC Guinea, Liberia, and Sierra Leone are FEWS NET remote monitoring

More information

ENTERPRISE RISK MANAGEMENT AN OVERVIEW. November 2011

ENTERPRISE RISK MANAGEMENT AN OVERVIEW. November 2011 ENTERPRISE RISK MANAGEMENT AN OVERVIEW November 2011 Overview Overview of Enterprise Risk Management (ERM) Risk Assessment Process Identifying Business Risks Consideration of Impact and Likelihood Soliciting

More information

Disaster Management and Business Continuity Plan for Bankers

Disaster Management and Business Continuity Plan for Bankers Introduction Business interruptions can occur anywhere, anytime. Massive hurricanes, tsunamis, power outages, terrorist bombings and more have made recent headlines. It is impossible to predict what may

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

October 16, 2015. Please visit our links below for more details about this event: http://cybersummit.memphis.edu/index.php?

October 16, 2015. Please visit our links below for more details about this event: http://cybersummit.memphis.edu/index.php? October 16, 2015 Please visit our links below for more details about this event: http://cybersummit.memphis.edu/index.php?page=home http://cybersummit.memphis.edu/index.php?page=gallery The University

More information

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Exercising Your Enterprise Cyber Response Crisis Management Capabilities Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.

More information

Information Security in the framework of Enterprise Risk Management (ERM)

Information Security in the framework of Enterprise Risk Management (ERM) ERM, a widespread practice in Financial Institutions Value based ERM is driven by shareholder value Strategic ERM is driven by the internal control imperative Integral part of sound business management

More information

RISK MANAGEMENT SERVICES

RISK MANAGEMENT SERVICES RISK MANAGEMENT SERVICES WORLD-CLASS REAL ESTATE EXPERTISE WORLD-CLASS RISK MANAGEMENT EXPERTISE C&W has more than 1 billion square feet of properties under management in 60 countries around the world.

More information

Are your people playing an effective role in your cyber resilience?

Are your people playing an effective role in your cyber resilience? Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS Ian Green Manager, Cybercrime & Intelligence Commonwealth Bank of Australia Session ID: GRC T17 Session Classification: ADVANCED WHY? What keeps you

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter An Introduction to Cyber Liability Insurance Catherine Berry Senior Underwriter What is cyber risk? Exposures emanating from computer networks and the internet The Cyber Risk Phenomenon The incredible

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

Top Business Risks 2016

Top Business Risks 2016 Allianz Risk Pulse Allianz Risk Barometer 2016 Appendix Top Business Risks 2016 The fifth annual Allianz Risk Barometer was conducted among both global businesses and risk consultants, underwriters, senior

More information

Identity Theft. The Most Pervasive Financial Crime Today. Presented by; Wells Fargo Corporate Security. Wells Fargo All Rights Reserved 1

Identity Theft. The Most Pervasive Financial Crime Today. Presented by; Wells Fargo Corporate Security. Wells Fargo All Rights Reserved 1 Identity Theft The Most Pervasive Financial Crime Today Presented by; Wells Fargo Corporate Security Wells Fargo All Rights Reserved 1 It s so very simple to be anyone you please, on any given morning

More information

Dissecting the Recent Cyber Security Breaches. Yu Cai School of Technology Michigan Technological University

Dissecting the Recent Cyber Security Breaches. Yu Cai School of Technology Michigan Technological University Dissecting the Recent Cyber Security Breaches Yu Cai School of Technology Michigan Technological University Disclaimers Most information in this presentation was collected from various sources on the Internet.

More information

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited Business Continuity and Risk Management Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited What does Business Continuity mean? Business Continuity Management- Definition Business Continuity

More information

Log Management, Compliance and Auditing

Log Management, Compliance and Auditing Log Management, Compliance and Auditing KR Information Security Solutions www.kriss.in 1 About KRISS Founded early 2008, by former Indian Naval Officers and Veterans with decades of experience in Information

More information

APPLICABLE TO: Flow Systems Group and all employees. Risk Management

APPLICABLE TO: Flow Systems Group and all employees. Risk Management PURPOSE: Flow Systems is committed to managing its risks and ensuring compliance with all relevant laws and regulations in a proactive, on-going and positive manner. This document outlines Flow s Risk

More information

Best Practices to Improve Breach Readiness

Best Practices to Improve Breach Readiness Best Practices to Improve Breach Readiness Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC http://blog.emc2.de/trust-security @RobtWesGriffin 1 Security Breaches 2 Security

More information

Creating a Business Continuity Plan

Creating a Business Continuity Plan Family Office Information Creating a Business Continuity Plan Hurricanes, fires, terrorist attacks, earthquakes and tsunamis aren t the only kinds of events that can cripple a family office. More common

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),

More information

Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing

Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing Igor Nai Fovino-Head of Research GCSEC The last two years will surely enter in the history of IT Security. 2010 was the year

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

IBM Security Systems Trends and IBM Framework

IBM Security Systems Trends and IBM Framework IBM Security Systems Trends and IBM Framework Alex Kioni CISSP, CISM, CEH, ITILv3 Security Systems Lead Technical Consultant Central, East & West Africa Region 1 Agenda IBM X-Force 2013 Mid Year Trend

More information

Enterprise Risk Management VCU Process

Enterprise Risk Management VCU Process VCU Process What is Enterprise Risk Management? An organization-wide systematic approach to identify and tactically manage risk. A best practice to prioritize risk and implement processes to monitor risk.

More information

ACE USA Travel Assistance Services

ACE USA Travel Assistance Services ACE American Insurance Company (A Stock Company) Philadelphia, PA ACE USA Travel Assistance Services ACE A&H Division offers worldwide travel assistance services to employees, students and their eligible

More information

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014 Knowing Your Enemy How Your Business is Attacked Andrew Rogoyski June 2014 Why Cyber is the New Security 1986: Lawrence Berkeley NL discovers attempt to copy US Government Information on Arpanet 1988:

More information

BUSINESS CONTINUITY PLANNING. Business Continuity Management Plan. Version 1.4

BUSINESS CONTINUITY PLANNING. Business Continuity Management Plan. Version 1.4 BUSINESS CONTINUITY PLANNING Business Continuity Management Plan Version 1.4 October 2015 Table of Contents 1 OVERVIEW... 5 2 STRUCTURE OF THE DOCUMENT... 5 3 OBJECTIVE... 6 4 SCOPE... 6 4.1 EXECUTIVE

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

HACKED: Data Breach Scenario

HACKED: Data Breach Scenario HACKED: Data Breach Scenario John McCabe SVP & Chief Operating Officer, Liberty International Underwriters Andrew Methven Risk & Assurance Manager, City of Sydney Joe Perricone Experienced Chief Information

More information

Cyber Horizon Whats Next. E.J. Hilbert Managing Director Decmeber 2014

Cyber Horizon Whats Next. E.J. Hilbert Managing Director Decmeber 2014 Cyber Horizon Whats Next E.J. Hilbert Managing Director Decmeber 2014 About the Speaker Managing Director Kroll Advisory Solutions- Head of Cyber Investigations for EMEA President of Online Intelligence-

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers

More information

SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data

SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY Symantec 2010 SMB Information Protection Survey Global Data June 2010 CONTENTS Executive Summary...3 Methodology...4 Finding 1: SMBs serious about information

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Introducing Catastrophe Risk man-made hazards*

Introducing Catastrophe Risk man-made hazards* Introducing Catastrophe Risk man-made hazards* dr marie gemma dequae 21.2.2014 IRSG Frankfurt This presentation expresses the views of the author and neither the views of EIOPA nor the IRSG. agenda Risk

More information

Critical Information Infrastructure Protection A perspective & Reality from the Commonwealth

Critical Information Infrastructure Protection A perspective & Reality from the Commonwealth Critical Information Infrastructure Protection A perspective & Reality from the Commonwealth Commonwealth Cybersecurity Forum BT Centre, London 22-24 April 2015 Dr Martin Koyabe Head of Research & Consultancy

More information

Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014

Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014 Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues Palace Hotel Saigon, HCMC, November 19 th 2014 Cyber Security and Supply Chain Integrity as Risk Factors

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

Nationwide Cyber Security Survey

Nationwide Cyber Security Survey Research Nationwide Cyber Security Survey Presented by Harris Poll Executive Summary: Cyber-Security Cyber-security is a low priority for many because the threat is not palpable Eight in ten (79%) have

More information

THE COMMODITY RISK MANAGEMENT GROUP WORLD BANK

THE COMMODITY RISK MANAGEMENT GROUP WORLD BANK THE COMMODITY RISK MANAGEMENT GROUP WORLD BANK Agricultural Insurance: Scope and Limitations for Rural Risk Management 5 March 2009 Agenda The global market Products Organisation of agricultural insurance

More information

National Security impacted by Global Change

National Security impacted by Global Change National Security impacted by Global Change NATIONAL SECURITY SCIENCE & TECHNOLOGY To provide a national focus for science and technology to enhance Australia s national security capabilities Dr Richard

More information

Cyber security: it s not just about technology

Cyber security: it s not just about technology Cyber security: it s not just about technology The five most common mistakes kpmg.com b Cyber security: it s not just about technology Contents Preface 1 01 Understanding the cyber risk 3 02 The five most

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information