Cyber Security & Managing KYC Data
- Jodie Gallagher
SPECIAL REPORT: Cyber Security & Managing KYC Data

The views and opinions expressed in this paper are those of the author(s) and do not necessarily reflect the official policy or position of Thomson Reuters.
TABLE OF CONTENTS
- Introduction
- KYC and data security
- Investment managers and the need for cyber security defences
- Data lifecycle and security risks
- Cyber resilience and compliance
- Conclusion
INTRODUCTION

Cyber crime is continuing to grow, with the financial services sector as a whole particularly vulnerable to this menace. This report looks at the cyber risks faced by investment managers, who handle strictly confidential data on a continual basis, whether they perform KYC due diligence on their own clients or respond to KYC requests from their banks. It further explores some possible solutions to mitigate these risks.

Cyber crime is a technology-fueled threat that has significant consequences for all parties involved in Know Your Customer (KYC) due diligence. Investment managers, whether they are responders to KYC requests or performers of KYC due diligence, handle highly confidential identity data on a daily basis. They must therefore be aware of the scale and nature of the risks they face as well as the most effective methods of managing and protecting confidential data.

KYC AND DATA SECURITY

Cyber crime is a very real threat to investment managers; according to PwC's 2014 Global Economic Crime Survey, 39% of respondents from financial services said they have at some point been victims of cyber crime. The aim of KYC regulations is to mitigate risk at every level within an organization. Thorough due diligence is required to ensure current and potential clients' identity is checked and proven.

In the past, banking and financial relationships were mostly conducted on a personal level and more often than not in a single geographic area. Increasing globalization, despite offering organizations the advantage of being able to conduct business anywhere in the world, has brought with it a new problem: increasing complexity around understanding exactly who you are doing business with in unfamiliar territory and differing jurisdictions. Along with increases in regulation, the global KYC/AML (anti-money laundering) landscape is extremely difficult to navigate.
The problem is exacerbated by the fact that there is no consistent KYC standard across the industry. This has two knock-on effects:
- when performing KYC due diligence, many firms exercise caution and request more information from clients than is actually necessary, and
- different organizations interpret legislation in different ways, leading to further requests for information from clients.

The result: the pace of business slows; vast amounts of time and effort are needed to collect, validate, store and maintain large quantities of information; and, crucially, risks surrounding the delivery, storage and security of strictly confidential information increase exponentially. This last point is good news for the cyber criminal.

In essence, investment managers are custodians of large amounts of highly confidential identity information. As performers of KYC due diligence, they have access to their clients' identity information and documents. This can include names, addresses and dates of birth of directors, and passports of signatories. As responders to KYC requests from their banks, they are disseminating vast and varied identity documents to the various banks they do business with or are looking to do business with. The consequences of potential lapses in security are significant, as evidenced by several high-profile cyber attacks, including those on JP Morgan and Fidelity.

Investment managers find themselves in a precarious position. Regardless of where on the spectrum they sit, as a responder or performer of KYC due diligence, data management and cyber security are complex and challenging issues that must be acknowledged and addressed to ensure diligent KYC compliance.
INVESTMENT MANAGERS AND THE NEED FOR CYBER SECURITY DEFENCES

Investment managers are noted for their significant spend on trading technology. To gain an edge in a very competitive, high-speed market environment, no expense seems too much when investing in sophisticated information and state-of-the-art trading systems. However, the same cannot be said about investments in building defenses against cyber crime.

Many investment managers outsource their back-office IT infrastructure to third parties. This is particularly the case for relatively small or medium-sized firms in terms of assets under management. Unlike the largest funds in the industry, which often maintain proprietary systems, the vast middle make up the lion's share of the sector and appear to be far behind in their defenses against cyber threats and data security breaches.

According to Raj Bakhru, Chief Executive of Aponix Financial Technologists, an advisory firm to hedge funds, there is some ignorance in relation to the importance of cyber security amongst investment managers: "There are three types of [investment managers]. Those who are really on top of it and these would include the biggest players and quant firms - but the majority are in the second bucket and somewhat confused and not sure what to do...and then there is a significant head in the sand bucket who don't care. It's an educational process."

Previously cyber crime was considered as something more likely to affect large banking institutions, whose high profile was seen as making them prime targets for all kinds of hackers. JP Morgan's admission that it had been on the receiving end of a massive attack in 2014 only highlighted the threats faced across the financial services sector and the need for investment, in general awareness and education, to keep pace with cyber criminals.
DATA LIFECYCLE AND SECURITY RISKS

Investment managers must be aware that personal data (both their own and their clients') goes through stages of movement and use. Data must be fully protected at these three distinct stages:

1. DATA IN USE
As the name suggests, this is data that is still being created, amended or otherwise used. During this stage there is potential danger that data could be physically stolen, incorrectly captured or hard copies disposed of in an insecure manner once electronic versions have been created.

2. DATA IN MOTION
At this stage data is being transferred between the investment manager and their bank or client. There is no guarantee that the methods of transfer, which include email, post (hard copies or USB/DVD copies) or uploading unencrypted data to websites, are efficient and/or secure. Delivery to the right person cannot be guaranteed and data can be intercepted or misdirected. Electronic copies are often easier to protect than hard copies, but because many KYC and AML regulations were written before the digital age, some organizations still insist on original documentation, further exacerbating the problem. That is not to say that sending documents via email is always secure either, as firms may not have the correct procedures in place to ensure that information is sent securely.

3. DATA AT REST
Here data is in storage, either in databases or shared drives, and risks exist at this stage also. Once information has left the investment manager, they have little or no control over how it is stored and who can access it. In addition, if the investment managers are the ones who are storing the data, effective controls must be in place, for example, to encrypt data held in databases. Robust disaster recovery and backup policies are also a key requirement.

The common thread throughout the three stages outlined above is the human element.
Even the most advanced control environment is at risk from human error and organizations must therefore ensure that their employees are properly trained and are able to create and maintain a secure work environment at all times. In addition, limiting the amount of information held to that which is absolutely necessary will go some way towards reducing cyber risk.

Risk stages and the corresponding data lifecycle phases:
- Data in Use: data when in use at the endpoint (i.e. laptops, workstations, etc.). Lifecycle phases: Creation, Usage.
- Data in Motion: data when transmitted outside of the secure network (i.e. email, web, etc.). Lifecycle phase: Transmission.
- Data at Rest: data in storage (i.e. file shares, databases, etc.). Lifecycle phases: Preservation, Retirement.
CYBER RESILIENCE AND COMPLIANCE

Before the financial crisis, compliance officers had well defined roles, with clear boundaries in relation to their day-to-day responsibilities. They were the second line of defense and they updated policies in line with changes in the relevant rulebook, monitored all aspects of conduct of business and reported up to the risk committee. However, the perimeter of today's compliance officers' job description is ambiguous and is driven by regulatory developments about good customer outcomes and conduct risk.

Compliance officers are not expected to become technological experts but they do need to ensure that cyber risks are effectively identified, managed, offset, monitored and reported on within their firm's corporate governance framework, especially if they are asking for and sending strictly confidential data. There are some basic measures which compliance officers and their firms need to consider, and they must be prepared for increasing levels of regulatory interest in these areas:

WHAT INFORMATION NEEDS TO BE PROTECTED?

Risk, compliance and IT control infrastructures can only be designed to protect processes and assets that are known. In general, everything from customer data to operational networks, the use of cloud systems (outsourced as well as in-house), links to payment infrastructures and exchanges, to levels of user access to information needs to be mapped and included in the governance infrastructure. Care should be taken to ensure that manual work-arounds, often a legacy of business acquisitions, are not excluded. The process may be manual, and therefore not cyber, but the human factor may well be the entry point into the firm's wider systems. The compliance function needs to ensure cyber risks are included in the full range of risks considered by firms.
They must be able to identify the types of cyber security risk management process standards they use, such as those by the International Organization for Standardization (ISO). In addition, the practices and controls used for the protection of the firm's networks and information should be documented and readily available.

WHAT ARE THE RISKS TO THE FIRM'S INFORMATION?

Financial services firms are very familiar with the concept of risk appetites. This should be extended to all information assets. It is essential that all risks are identified and that assessments keep pace with technological advances.

WHAT MEASURES ARE NEEDED?

Management information and reporting is not one-size-fits-all and must reflect the nature and activities of the relevant firm. However, there are steps firms can take:

Information risk management regime
Establish an effective governance structure and determine the firm's risk appetite, maintain the Board's engagement with cyber risk and produce supporting information risk management policies. Every firm should have a full understanding of what data is stored within the firm, plus the consequences of losing the data. As well as understanding it, it is recommended that data stored should also be classified as:
- Strictly confidential: e.g. personal information, passports
- Confidential: e.g. company information
- Public: publicly held information

Home and mobile working
Where applicable, develop a mobile working policy and train staff to adhere to it, apply the secure baseline build to all devices and protect data both in motion and at rest.

User education and awareness
Produce user security policies covering the acceptable and secure use of the firm's systems, establish a staff training program and maintain awareness of cyber risks.
Incident management
Establish an incident response and disaster recovery capability, produce and critically test incident management plans and, where needed, include them in recovery and resolution planning or living wills.

Managing user privileges
Establish account management processes, monitor user activity, control access to activity and audit logs and ensure the complete removal of access as part of the firm leaving process.

Removable media controls
Develop and implement a policy to control all access to removable media.

Monitoring
Establish a thorough monitoring program using external expertise where needed by, for example, employing professional hackers to test system firewalls and other access controls.

Secure configuration
Ensure that security patches are applied in a timely manner and that the secure configuration of all relevant systems is maintained and evidenced.

Malware protection
Establish and maintain strong anti-malware defenses and ensure continuous scanning for malware across the firm.

Network security
Protect networks against external and internal attack, manage the network perimeter and regularly monitor and test all security controls.
DO SECURITY MEASURES WORK?

A fundamental part of cyber resilience is testing to ensure that the measures in place work. Although it is not necessarily something for the compliance function itself to perform, the process does need to ensure that the effectiveness of, and adherence to, the control infrastructure is thoroughly tested, and any gaps or issues are followed up. Physical disaster recovery plans may look fine on paper but often they do not work as designed in practice.

Firms also need to consider what they would do if the worst happened and they became victims of a full-blown cyber attack. Carefully thought-through and tested incident management and contingency plans need to be agreed, pre-emptively, at the highest levels of the firm. These should include communication protocols (to media, regulators and customers as well as other stakeholders) and the authority levels needed to invoke disaster or recovery plans (for example, the switching of operating systems to a secure back-up location). An inherent part of testing whether planned security measures work is the follow-up investigation to assess any attack and the lessons to be learned.

As regulators focus on the need for consistently good customer outcomes delivered by firms which have strong compliance cultures and a watertight approach to conduct risk, cyber risks have arrived rapidly on firms' risk radars. The compliance function needs to ensure cyber risks are expressly included in the range of risks considered by firms, and that the Board is prepared to discuss the actions taken to ensure that all reasonable measures are in place to embed cyber resilience throughout the firm.

CONCLUSION

Cyber risk is not just for technology specialists; it is part of a broader issue of how organizations defend themselves against potential risks. Extensive consideration and effort is needed to ensure organizations are cyber resilient.
Whatever type of data is handled and wherever it may be in the data lifecycle (in active use, in motion or at rest), it is open to potential security breaches. The need for security specifically around the KYC process is particularly important when firms are dealing with large amounts of highly confidential identity information. Spend on cyber/data security is a vital necessity; investment in trading technology ensures firms achieve alpha, however investment in cyber security ensures a firm's ultimate existence.

The head-in-the-sand attitude some firms have towards having defenses against cyber crime needs to end. The potential of lapses in data security cannot be ignored and must be part of the firm's overall operating rhythm. The compliance function needs to ensure cyber risks are included in the full range of risks considered by firms. This requirement does add to the already heavy workloads of compliance professionals. Appropriate processes, technologies and people must be deployed in the fight against cybercrime.

Due to the sensitive and serious nature of cyber threats and the time and effort needed to mitigate this risk, a viable option is to use third party organizations specializing in KYC data management, not only to partner with service providers that offer a KYC managed service, but also to ensure there are no lapses in data management caused by the heavy burden on compliance professionals.
RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERS

Risk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services, an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks and make smarter decisions that accelerate business performance.

For more information, contact your representative or visit us online at risk.thomsonreuters.com

© 2015 Thomson Reuters GRC03350/9-15. Thomson Reuters and the Kinesis logo are trademarks of Thomson Reuters.
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationThe Business Value of Managed Security Services
The Business Value of Managed Security Services SilverSky 440 Wheelers Farm Road Suite 202 Milford CT 06461 silversky.com 2013 SilverSky P.2 The Business Value of Managed Security Services Contents Abstract...
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning
More informationBuilding a More Secure and Prosperous Texas through Expanded Cybersecurity
Building a More Secure and Prosperous Texas through Expanded Cybersecurity Bob Butler Chairman, Texas Cybersecurity, Education and Economic Development Council April 2013 About the Texas Cybersecurity
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationDemonstrating Regulatory Compliance
White Paper Demonstrating Regulatory Compliance Simplifying Security Management November 2006 Executive Summary Increasingly, organizations throughout Europe are expected to comply (and to demonstrate
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationData Loss Prevention: Data-at-Rest vs. Data-in-Motion
Data Loss Prevention: vs. Data-in-Motion Despite massive security efforts in place today by large organizations, data breaches continue to occur and identity theft is on the rise. Something has to change.
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationHow small and medium-sized enterprises can formulate an information security management system
How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationBIG SHIFT TO CLOUD-BASED SECURITY
GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationHybrid Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Hybrid Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction The economic benefits offered by public clouds are attractive enough for many
More informationCan Your Organization Brave The New World of Advanced Cyber Attacks?
Can Your Organization Brave The New World of Advanced Cyber Attacks? www.websense.com/apx Overview: When it comes to defending against cyber attacks, the global business community faces a dangerous new
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationBoard Portal Security: How to keep one step ahead in an ever-evolving game
Board Portal Security: How to keep one step ahead in an ever-evolving game The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position
More informationTHOMSON REUTERS ACCELUS
THOMSON REUTERS ACCELUS ACCELUS Screening Resolution Service Executive Summary Thomson Reuters Accelus offers Screening Resolution Service (SRS): an outsourced screening service for Corporates and Financial
More informationSecure by design: taking a strategic approach to cybersecurity
Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More informationPRINCIPLES AND PRACTICE OF INFORMATION SECURITY
PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles
More informationIDENTITY MONITORING: KEEPING A FINGER ON THE PULSE OF CLIENT IDENTITY CHANGES
IDENTITY MONITORING: KEEPING A FINGER ON THE PULSE OF CLIENT IDENTITY CHANGES By Neil Jeans The views and opinions expressed in this paper are those of the authors and do not necessarily reflect the official
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationClient Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs
1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com
More informationCyber Security Risks for Banking Institutions.
Cyber Security Risks for Banking Institutions. September 8, 2014 1 Administrative CPE regulations require that online participants take part in online questions Must respond to a minimum of four questions
More information