THE EVOLUTION OF CYBERSECURITY

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "THE EVOLUTION OF CYBERSECURITY"

Transcription

1 THE EVOLUTION OF CYBERSECURITY Identifying Best Practices June 2, 2015 Cerone F. Cy Sturdivant Managing Consultant Nashville, TN 1

2 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided If you are viewing this webinar in a group Complete group attendance form with Title & date of live webinar Your company name Your printed name, signature & address All group attendance sheets must be submitted to within 24 hours of live webinar Answer polls when they are provided If all eligibility requirements are met, each participant will be ed their CPE certificates within 15 business days of live webinar TODAY S AGENDA Formally defining cybersecurity Assessing your cybersecurity preparedness Cybersecurity program development Regulatory expectations 2

3 DEFINING CYBERSECURITY In recent security discussions, there are references to both cybersecurity & information security. The terms are often used interchangeably, but in reality, cybersecurity is a part of information security Note: The interconnected nature of critical infrastructure systems has introduced a host of new vulnerabilities. All of these factors have influenced the shift from information security to cybersecurity DEFINING CYBERSECURITY Information security deals with protecting information, regardless of its format: physical documents, digital, intellectual property in people s minds & verbal or visual communications Cybersecurity is concerned with protecting digital assets everything from networks to hardware & information processed, stored or transported by internetworked information systems 3

4 DEFINING CYBERSECURITY NIST has a very appropriate definition for financial institutions The process of managing cyber threats & vulnerabilities & for protecting information & information systems by identifying, defending against, responding to & recovering from attacks DEFINING CYBERSECURITY The process of managing cyber threats & vulnerabilities & for protecting information & information systems by identifying, defending against, responding to & recovering from attacks Identifying attacks: For financial institutions, employee training & customer awareness are key 4

5 DEFINING CYBERSECURITY The process of managing cyber threats & vulnerabilities & for protecting information & information systems by identifying, defending against, responding to & recovering from attacks Defending against attacks is in design & operation of network & application environment; most banks we work with do this well DEFINING CYBERSECURITY The process of managing cyber threats & vulnerabilities & for protecting information & information systems by identifying, defending against, responding to & recovering from attacks Responding to attacks refers to your institution s incident response plans 5

6 DEFINING CYBERSECURITY The process of managing cyber threats & vulnerabilities & for protecting information & information systems by identifying, defending against, responding to & recovering from attacks Recovering from attacks should be covered by your Disaster Recovery/Business Continuity Plan CYBERSECURITY CONCEPTS Objective of cybersecurity is threefold, involving the critical components of confidentiality, integrity & availability Confidentiality Integrity Availability 6

7 CONFIDENTIALITY, INTEGRITY & AVAILABILITY Confidentiality is protection of information from unauthorized access or disclosure Integrity is protection of information from unauthorized modification Availability ensures timely & reliable access to & use of information & systems FFIEC Cyber Preparedness Assessment Pilot cybersecurity examination work program (Cybersecurity Assessment) conducted in June 2014 at over 500 community financial institutions with less than $1 billion in assets to evaluate their preparedness to mitigate cyber risks FFIEC regulators released initial results of their assessment in November

8 CYBERSECURITY PREPAREDNESS In addition to cybersecurity inherent risk, the Cybersecurity Assessment reviewed financial institutions current practices & overall preparedness, focusing on the following Risk management & oversight Threat intelligence & collaboration Cybersecurity controls External dependency management Cyber incident management & resilience BREAKING NEWS - Preliminary observations indicate most banks do not fully understand specific threats that face them 15 CYBERSECURITY PREPAREDNESS UTILIZING NIST FRAMEWORK Framework can be used to help identify & prioritize actions for reducing cybersecurity risk, & it is a tool for aligning policy, business & technological approaches to managing that risk Framework enables organizations regardless of size, cyber risk or cybersecurity sophistication to apply principles & best practices of risk management to improving cybersecurity & securing critical infrastructure 16 8

9 NIST FRAMEWORK OVERVIEW 17 CYBERSECURITY PROGRAM A cybersecurity program should integrate all aspects of bank s existing programs GLBA Information Security Program Business Continuity & Disaster Recovery Incident Response & Crisis Management Plans Third-Party Risk Management 9

10 EXAMPLE OF A CYBER ATTACK WIRE FRAUD Money Israel Bank United States Bank Money Manufacturer: Israel Product Money Re-Seller: United States 19 EXAMPLE OF WIRE FRAUD PART TWO Kuala Lumpur Bank What Money??? Israel Bank United States Bank Where is my money??? Money Manufacturer: Israel Product Re-Seller: United States What did I do????? 20 10

11 CYBER ATTACK WHAT COULD HAVE BEEN DONE? Technical Content/spam filter to prevent phishing People Awareness training Management review of change to wiring instructions Phone verification of change INCIDENT RESPONSE Technical Design of network and infrastructure Monitoring IDS/IPS Testing People Training to recognize attack Don t get distracted Recognize it for what it is Management oversight 11

12 BUSINESS RESUMPTION Technical Separate DR site Additional equipment Backup strategy Regular testing Vendor management People Third-party resources, if needed, on call Core & IT engineers Training in resumption EXAMINER EXPECTATIONS Incorporate cybersecurity into all existing programs & policies Enhance IT-related risk assessments to identify & address cyber-specific threats Enhance training efforts employees, board & customers Strengthen monitoring controls Strengthen incident response efforts 12

13 CONCLUSION Financial institutions have to be careful they aren't tempted to make their reviews for cyber-resilience a checkbox compliance exercise. Ensuring cyber-resilience of their internal networks & people, as well as networks of their third-party service providers & vendors, requires going beyond simply implementing recommendations in new guidelines CYBERSECURITY RESOURCES FFIEC Cybersecurity Awareness - Bank Info Security - ABA Center for Payments and Cybersecurity - NIST Framework - FS-ISAC

14 QUESTIONS? CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS BKD, LLP is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: The information in BKD webinars is presented by BKD professionals, but applying specific information to your situation requires careful consideration of facts & circumstances. Consult your BKD advisor before acting on any matters covered in these webinars. 14

15 THANK YOU! FOR MORE INFORMATION Cerone F. Cy Sturdivant, CISA Managing Consultant BKD, LLP One American Center 3100 West End Ave, Suite 850 Nashville, TN , Ext

Click to edit Master title style

Click to edit Master title style EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity

More information

CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS

CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS October 21, 2015 CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS Cerone F. Cy Sturdivant Managing Consultant csturdivant@bkd.com 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls

More information

CYBERSECURITY INVESTIGATIONS

CYBERSECURITY INVESTIGATIONS CYBERSECURITY INVESTIGATIONS Planning & Best Practices May 4, 2016 Lanny Morrow, EnCE Managing Consultant lmorrow@bkd.com Cy Sturdivant, CISA Managing Consultant csturdivant@bkd.com Michal Ploskonka, CPA

More information

What is Management Responsible For?

What is Management Responsible For? What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Cybersecurity Issues for Community Banks

Cybersecurity Issues for Community Banks Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data

More information

Cybercrime and Regulatory Priorities for Cybersecurity

Cybercrime and Regulatory Priorities for Cybersecurity NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L

More information

THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS 8/25/2015. August 27, 2015

THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS 8/25/2015. August 27, 2015 8/25/2015 THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS August 27, 2015 Shane Torkelson, CPE, CISA, CIA Director Enterprise Risk Solutions storkelson@bkd.com 1 TO RECEIVE CPE CREDIT Participate

More information

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Ed McMurray, CISA, CISSP, CTGA CoNetrix Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats

More information

Cyber Security and your Financial Institution: Are you ready for the increased scrutiny related to cyber risks?

Cyber Security and your Financial Institution: Are you ready for the increased scrutiny related to cyber risks? Cyber Security and your Financial Institution: Are you ready for the increased scrutiny related to cyber risks? August 27, 2014 Presented by: Terry Ammons, Partner, Porter Keadle Moore Tim Davis, Senior,

More information

Cybersecurity Awareness. Part 2

Cybersecurity Awareness. Part 2 Part 2 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

What Directors need to know about Cybersecurity?

What Directors need to know about Cybersecurity? What Directors need to know about Cybersecurity? W HAT I S C YBERSECURITY? PRESENTED BY: UTAH BANKERS ASSOCIATION AND JON WALDMAN PARTNER, SENIOR IS CONSULTANT - SBS 1 Contact Information Jon Waldman Partner,

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and

More information

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP 2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf

More information

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda

More information

Cybersecurity Awareness

Cybersecurity Awareness Awareness Objectives Discuss the Evolution of Data Security Define Review Threat Environment Discuss Information Security Program Enhancements for Cyber Risk Threat Intelligence Third-Party Management

More information

Cybersecurity. Regional and Community Banks. Inherent Risks and Preparedness. www.bostonfed.org

Cybersecurity. Regional and Community Banks. Inherent Risks and Preparedness. www.bostonfed.org Cybersecurity Inherent Risks and Preparedness Regional and Community Banks www.bostonfed.org Disclaimer The opinions expressed in this presentation are intended for informational purposes, and are not

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

PACB One-Day Cybersecurity Workshop

PACB One-Day Cybersecurity Workshop PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance

More information

Cybersecurity and Data Security

Cybersecurity and Data Security Cybersecurity and Data Security Richard Cook Director IT Audit & Security May 2015 Elliott Davis Decosimo, PLLC Cybersecurity and Data Security This material was used by Elliott Davis Decosimo during an

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

Larry Schoeberl, Supervisory Examiner National Credit Union Administration FFIEC Cybersecurity Assessment Tool

Larry Schoeberl, Supervisory Examiner National Credit Union Administration FFIEC Cybersecurity Assessment Tool Larry Schoeberl, Supervisory Examiner National Credit Union Administration FFIEC Cybersecurity Assessment Tool Michigan CU League & Affiliates Conference February 11, 2016 Agenda Risk Trends FFIEC Cybersecurity

More information

Using Navigation List Builder with Dynamics GP. Charles Allen Managing Consultant BKD Technologies callen@bkd.com

Using Navigation List Builder with Dynamics GP. Charles Allen Managing Consultant BKD Technologies callen@bkd.com Using Navigation List Builder with Dynamics GP Charles Allen Managing Consultant BKD Technologies callen@bkd.com To Receive CPE Credit Participate in entire webinar Answer polls when they are provided

More information

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before the 10 th Annual Community Bankers Symposium Chicago November 7, 2014 Good morning, it s a pleasure to be here today and to have this opportunity

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool

ICBA Summary of FFIEC Cybersecurity Assessment Tool ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

10/13/2015 THE SAGA CONTINUES. An Update on Fraud Issues. Angela R. Morelock, CPA, CFE, CFF, ABV Partner amorelock@bkd.com.

10/13/2015 THE SAGA CONTINUES. An Update on Fraud Issues. Angela R. Morelock, CPA, CFE, CFF, ABV Partner amorelock@bkd.com. THE SAGA CONTINUES An Update on Fraud Issues October 14, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner amorelock@bkd.com 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing Top 10 Baseline Cybersecurity Controls Banks Aren't Doing SECURE BANKING SOLUTIONS 1 Contact Information Chad Knutson President, SBS Institute Senior Information Security Consultant Masters in Information

More information

Who s Regulating Whom & What are the Requirements: Banks As Payment Services Providers

Who s Regulating Whom & What are the Requirements: Banks As Payment Services Providers Who s Regulating Whom & What are the Requirements: Banks As Payment Services Providers Tony DaSilva, AAP, CISA S&R Senior Technical Expert Federal Reserve Bank of Atlanta Disclaimer The opinions expressed

More information

BENEFITS OF A CLOUD ERP SYSTEM April 12, 2016

BENEFITS OF A CLOUD ERP SYSTEM April 12, 2016 BENEFITS OF A CLOUD ERP SYSTEM April 12, 2016 Ricardo de Rojas Senior Managing Consultant rderojas@bkd.com Colleen Gutirrez Senior Consultant II cgutirrez@bkd.com 1 TO RECEIVE CPE CREDIT Participate in

More information

Using Excel Report Builder with Dynamics GP. Charles Allen Managing Consultant BKD Technologies

Using Excel Report Builder with Dynamics GP. Charles Allen Managing Consultant BKD Technologies Using Excel Report Builder with Dynamics GP Charles Allen Managing Consultant BKD Technologies To Receive CPE Credit Participate in entire webinar Answer polls when they are provided If viewing this webinar

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action Where insights lead Cybersecurity and the role of internal audit: An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could

More information

CYBERSECURITY EXAMINATION SWEEP SUMMARY

CYBERSECURITY EXAMINATION SWEEP SUMMARY This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,

More information

To Receive CPE Credit

To Receive CPE Credit Outcome Metrics for National Associations November 17, 2015 To Receive CPE Credit Participate in entire webinar Answer attendance checks & polls when they are provided If you are viewing this webinar in

More information

INFORMATION SECURITY STRATEGIC PLAN

INFORMATION SECURITY STRATEGIC PLAN INFORMATION SECURITY STRATEGIC PLAN UNIVERSITY OF CONNECTICUT INFORMATION SECURITY OFFICE 4/20/10 University of Connecticut / Jason Pufahl, CISSP, CISM 1 1 MISSION STATEMENT The mission of the Information

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs 1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com

More information

ACA IRS INFORMATION REPORTING: WHAT DO I NEED TO KNOW?

ACA IRS INFORMATION REPORTING: WHAT DO I NEED TO KNOW? CPAs & ADVISORS ACA IRS INFORMATION REPORTING: WHAT DO I NEED TO KNOW? TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided If you are viewing this webinar in a group

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Cybersecurity and the Threat to Your Company

Cybersecurity and the Threat to Your Company Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES

More information

SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CONSIDERATIONS FOR LAW FIRMS SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,

More information

PREPARING FOR EMR PROGRAM SUCCESS IN 2016 12/10/2015. December 15, 2015. Travis Skinner, CPA Senior Managing Consultant tskinner@bkd.

PREPARING FOR EMR PROGRAM SUCCESS IN 2016 12/10/2015. December 15, 2015. Travis Skinner, CPA Senior Managing Consultant tskinner@bkd. PREPARING FOR EMR PROGRAM SUCCESS IN 2016 December 15, 2015 Travis Skinner, CPA Senior Managing Consultant tskinner@bkd.com Michael Orr, CPA Director morr@bkd.com David McDonald, CPA Director dmcdonald@bkd.com

More information

Cybersecurity..Is your PE Firm Ready? October 30, 2014

Cybersecurity..Is your PE Firm Ready? October 30, 2014 Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services

More information

WHAT JUST HAPPENED TO THE EMR PROGRAM?

WHAT JUST HAPPENED TO THE EMR PROGRAM? WHAT JUST HAPPENED TO THE EMR PROGRAM? November 5, 2015 Michael Orr Director morr@bkd.com 254.776.8244 ext. 43928 Travis Skinner Senior Managing Consultant tskinner@bkd.com 254.776.8244 ext. 43936 1 TO

More information

CYBERSECURITY HOT TOPICS

CYBERSECURITY HOT TOPICS 1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com

More information

State Governments at Risk: The Data Breach Reality

State Governments at Risk: The Data Breach Reality State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO

More information

Cybersecurity Awareness

Cybersecurity Awareness Awareness Objectives Discuss the Evolution of Data Security Define Review Threat Environment Discuss Information Security Program Enhancements for Cyber Risk Threat Intelligence Third-Party Management

More information

Cybersecurity Maturity Assessment: Are you where you should be?

Cybersecurity Maturity Assessment: Are you where you should be? Cybersecurity Maturity Assessment: Are you where you should be? NAFCU Services Webinar: 2/23/2016 A subsidiary of Introduction Matt Mitchell, CISSP- Director Risk Assurance 18 years information security

More information

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015 Cyber Security Auditing for Credit Unions ACUIA Fall Meeting October 7-9, 2015 Topics Introduction Cyber Security Auditing Program Discuss an effective and compliant Cyber Security Auditing Program from

More information

Get in the Groove with the Regulatory Jazz: Cyber Security and Vendor Management Examinations from the Regulators and Auditors Perspective

Get in the Groove with the Regulatory Jazz: Cyber Security and Vendor Management Examinations from the Regulators and Auditors Perspective Get in the Groove with the Regulatory Jazz: Cyber Security and Vendor Management Examinations from the Regulators and Auditors Perspective Rory Guenther, CISA Senior Examiner, Operational Risk Specialist,

More information

NATIONAL ASSOCIATION OF MANUFACTURERS END OF THE YEAR TAX UPDATE

NATIONAL ASSOCIATION OF MANUFACTURERS END OF THE YEAR TAX UPDATE Wednesday December 17, 2014 2 3 PM Central Time NATIONAL ASSOCIATION OF MANUFACTURERS END OF THE YEAR TAX UPDATE Carolyn Lee Senior Director, Tax Policy National Association of Manufacturers CLee@nam.org

More information

2015 Home Health Medicare Payment & Regulatory Updates Part 2

2015 Home Health Medicare Payment & Regulatory Updates Part 2 Tuesday, February 17, 2015 2 3 p.m. Central time 2015 Home Health Medicare Payment & Regulatory Updates Part 2 Karen Vance, OTR Managing Consultant BKD, LLP kvance@bkd.com To Receive CPE Credit Participate

More information

A Crisis Response, Information Sharing View of FFIEC Appendix J?

A Crisis Response, Information Sharing View of FFIEC Appendix J? A Crisis Response, Information Sharing View of FFIEC Appendix J? Susan Rogers (MBCP, MBCI) Financial Services Information Sharing and Analysis Center FS-ISAC, Business Resiliency Director srogers@fsisac.us;

More information

www.pwc.com Cybersecurity and Privacy Hot Topics 2015

www.pwc.com Cybersecurity and Privacy Hot Topics 2015 www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets

More information

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

Data Breaches and Cyber Risks

Data Breaches and Cyber Risks Data Breaches and Cyber Risks Carolinas Credit Union League Leadership Conference Presented by: Ken Otsuka Business Protection Risk Management CUNA Mutual Group CUNA Mutual Group Proprietary Reproduction,

More information

Top Fraud Trends Facing Financial Institutions

Top Fraud Trends Facing Financial Institutions Top Fraud Trends Facing Financial Institutions Presented on: October 7, 2015, 2-3 ET Presented by: Ann Davidson - VP of Risk Consulting at Allied Solutions Webinar Agenda 1. Fraud trends in 2015 and beyond

More information

FINRA Publishes its 2015 Report on Cybersecurity Practices

FINRA Publishes its 2015 Report on Cybersecurity Practices Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Changing Legal Landscape in Cybersecurity: Implications for Business

Changing Legal Landscape in Cybersecurity: Implications for Business Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics

More information

DATA ANALYTICS. Finding Data from Farm to Fork February 11, 2016 2/10/2016

DATA ANALYTICS. Finding Data from Farm to Fork February 11, 2016 2/10/2016 DATA ANALYTICS Finding Data from Farm to Fork February 11, 2016 Jeremy R. Clopton, CPA, CFE, ACDA, CIDA Director Forensics & Valuation Services jclopton@bkd.com 1 TO RECEIVE CPE CREDIT Participate in entire

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

The Center for Strategic Business Integrity (CSBI) and Hall Consulting, Inc. (HCI) NASBA Continuing Professional Education (CPE) Program Policies

The Center for Strategic Business Integrity (CSBI) and Hall Consulting, Inc. (HCI) NASBA Continuing Professional Education (CPE) Program Policies The Center for Strategic Business Integrity (CSBI) and Hall Consulting, Inc. (HCI) NASBA Continuing Professional Education (CPE) Program Policies Overview CSBI Director John J. Hall is the President of

More information

OCIE Technology Controls Program

OCIE Technology Controls Program OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview

More information

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions Committee on Payment and Settlement Systems Board of the International Organization of Securities Commissions Consultative report Principles for financial market infrastructures: Assessment methodology

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium Keynote Speech by Beth Dugan Deputy Comptroller for Operational Risk at The Clearing House s First Operational Risk Colloquium February 11, 2015 Washington, D.C. Thank you. It s an honor to be invited

More information

Steven L. Toomey, CIMA

Steven L. Toomey, CIMA 401(K) PLAN FIDUCIARY BEST PRACTICES & INDUSTRY TRENDS March 1, 2016 Steven L. Toomey, CIMA Principal BKD Wealth Advisors, LLC stoomey@bkd.com 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer

More information

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days) Course introduction It is vital to ensure that your business is protected against the threats of fraud and cyber crime and that operational risk processes are in place. This three-day course provides an

More information

SNF Medicare Billing Frequently Asked Questions

SNF Medicare Billing Frequently Asked Questions CPAs & ADVISORS experience clarity // SNF Medicare Billing Frequently Asked Questions HEALTH CARE GROUP Julie Bilyeu, Director Lisa McIntire, CPA, Senior Managing Consultant TO RECEIVE CPE CREDIT Individual

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Exercising Your Enterprise Cyber Response Crisis Management Capabilities Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

Cyber-Security. FAS Annual Conference September 12, 2014

Cyber-Security. FAS Annual Conference September 12, 2014 Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

More information

Facing Information Security Challenges

Facing Information Security Challenges AKTINA Event Information Security & Cloud Challenges March 17, 2016 Facing Information Security Challenges ISACA Cyprus Chapter Paschalis Pissarides CRISC, CISM, CISA Immediate Past President (2010-2014)

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

How to Ace IT Governance Without Tech Expertise

How to Ace IT Governance Without Tech Expertise How to Ace IT Governance Without Tech Expertise 50 POWERFUL QUESTIONS READY TO ASK AT YOUR NEXT BOARD MEETING Corporate Director and Creator of THE BOARDROOM BLUEPRINT TM OVERVIEW 50 POWERFUL I.T. QUESTIONS

More information