Cybersecurity and Cloud Briefing December 3, 2015
- Bryan Grant
1 Cybersecurity and Cloud Briefing
2 Wendy L. Frank, Principal, Advisory, Cybersecurity, Privacy and Risk Office (213)
Former Chief Security Officer and Leader of Content Security Program for Motion Picture Association of America:
- Redesigned third party/vendor security assessment program
- Revised and greatly expanded Content Security Best Practices Common Guidelines
- Created Cloud and Application Security Best Practices Common Guidelines
Leading authority on cybersecurity and technology for over 20 years with relevant security and technology certifications including:
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), and Certified Information Privacy Professional/United States (CIPP/US) credentials, to name a few
- Multiple certifications from Microsoft (MCSE, MCT), IBM/Lotus, etc.
BSc Computer Science and BSc Accounting from Alvernia University
3 Methodology
- The Global State of Information Security Survey 2016, a worldwide study by and CIO and CSO, was conducted online from May 7, 2015 to June 12,
- s 18th year conducting the online survey, 13th with CIO and CSO
- Readers of CSO and CIO and clients of from 127 countries
- Responses from more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices
- More than 40 questions on topics related to privacy and information security safeguards and their alignment with the business
- The margin of error is less than 1%; numbers may not add to 100% due to rounding
- Figures in this report are based on respondents from all industries
4 2016 global state of information security survey highlights
- 91%: Have adopted a risk-based cybersecurity framework
- 69%: Use cloud-based cybersecurity services
- 59%: Leverage big data analytics for security
- 65%: Collaborate and partner with others to sharpen security intelligence
- 45%: Boards participate in the overall security strategy
5 What is Cybersecurity?
Cybersecurity represents many things to many different people.
Key characteristics and attributes of cybersecurity:
- Broader than just information technology and extends beyond the enterprise
- Increasingly vulnerable due to technology connectivity and dependency
- An outside-in view of the threats and business impact facing an organization
- Shared responsibility that requires cross-functional disciplines in order to plan, protect, defend, react and respond
It is no longer just an IT challenge; it is a business imperative!
6 The Cyber challenge now extends beyond the enterprise
[Diagram: Global Business Ecosystem. Labels: Enterprise, Customer, Consumer, Industry/Competitors, JV/Partners, Suppliers, Service Providers; Environmental, Economic, Legal, Technology (pressures and changes which create opportunity and risk)]
The Evolution:
- Technology-led innovation has enabled business models to evolve
- The extended enterprise has moved beyond supply chain and consumer integration
- Connectivity and collaboration now extends to all facets of business
Leading to:
- A dynamic environment that is increasingly interconnected, integrated, and interdependent
- Where changing business drivers create opportunity and risk
7 Cloud trends
Trend areas: Cloud, Social Networks, Information Explosion, Mobility, Industry Verticals as the 3rd Cloud Platform
- 21% Estimated CAGR of in SaaS market through
- % of Sales teams will adopt public social networks by
- % growth every two years, reaching 44 zettabytes by
- % of mobile apps developed in the next 3 years will be integrated with Enterprise Apps (SAP, Oracle, Microsoft)
- 35% High value industry solutions will become the 3rd platform for cloud expansion. (Health, Energy, Govt.)
- 35% of enterprises' IT dollars will be spent outside of IT by Gartner
- $1 of every $4 spent on applications will be consumed via the cloud by IDC
- 30% of all new business software purchases will be service-enabled by IDC
- 70% of the G2000 will still have 75% of IT resources running onsite by IDC
8 SaaS adoption accelerates
[Chart: SaaS adoption; only the figure 75% is recoverable]
Integration takes center stage
[Diagram labels: Enterprise systems, Custom Apps, Database]
- Organizations will continue to have mixed IT environments for a long time
- 81% of business managers say integration is key to achieving full benefits of cloud
- $3.7b: By 2018, cloud-based integration platforms will reach $3.7b (31% CAGR)
- 35%: By 2016, 35% of large and mid-size organizations will use an iPaaS solution
9 SaaS view of how organizations are adopting Cloud
[Diagram labels: Sanctioned IT, Connected, Home Grown; ON-PREMISE, CLOUD; CyberSecurity Fabric; Legacy Security Solutions; Messaging & Collaboration, Sales & marketing, HR & Skills, Finance, Sharepoint Apps, App Server, force.com, Database]
10 Scope of Cybersecurity
Technology domain convergence:
- Information Technology: Computing resources and connectivity for processing and managing data to support organizational functions and transactions
- Operational Technology: Systems and related automation assets for the purpose of monitoring and controlling physical processes and events or supporting the creation and delivery of products and services
- Consumer (Products and Services) Technology: Computing resources and connectivity integrated with or supporting external end-user focused products and services
Cybersecurity encompasses all three technology types
11 Profiles of threat actors
Nation State
- Motives: Economic, political, and/or military advantage
- Targets: Trade secrets; Sensitive business information; Emerging technologies; Critical infrastructure
- Impact: Loss of competitive advantage; Disruption to critical infrastructure
Organized Crime
- Motives: Immediate financial gain; Collect information for future financial gains
- Targets: Financial / Payment Systems; Personally Identifiable Information; Payment Card Information; Protected Health Information
- Impact: Costly regulatory inquiries and penalties; Consumer and shareholder lawsuits; Loss of consumer confidence
Hacktivists
- Motives: Influence political and/or social change; Pressure business to change their practices
- Targets: Corporate secrets; Sensitive business information; Information related to key executives, employees, customers & business partners
- Impact: Disruption of business activities; Brand and reputation; Loss of consumer confidence
Insiders
- Motives: Personal advantage, monetary gain; Professional revenge; Patriotism
- Targets: Sales, deals, market strategies; Corporate secrets, IP, R&D; Business operations; Personnel information
- Impact: Trade secret disclosure; Operational disruption; Brand and reputation; National security impact
12 New and evolving threats
- Vulnerabilities: Unpatched systems remain the primary vector of successful exploits. 99.9% of the exploited vulnerabilities were compromised more than a year after they were published.
- Social engineering: Human element and lack of cybersecurity awareness are the most exploited weaknesses in enterprise-level attacks. Targeted spear-phishing is still effective despite continued training, with 50% of users opening emails and 11% clicking on attachments.
- Zero-day attacks: Unpublished vulnerabilities in vendor software are a hot commodity on the dark-net. Four of the most prolific attacks of 2015 were launched using zero-day exploits.
Source: /CIO & CSO Magazine Global State of Information Security Survey 2016 & Verizon 2015 Data Breach Investigations Report
13 New and evolving threats
- Malware: Companies cannot cope with the volume and velocity of malware attacks occurring daily. In 2015, an estimated 170 million malware events were reported across the industry.
- Hacktivists: Mostly a nuisance of the past, hacktivists target US law enforcement following police-related incidents. New data suggests that hacktivists are turning their resources for good in an attempt to fight ISIS and other terrorist groups.
- Cybercrime: Increase in cybercrime due to monetization of PII and PHI on the global black market. 79% of global companies experienced a cybercrime-related incident in the past 12 months.
Source: /CIO & CSO Magazine Global State of Information Security Survey 2016 & Verizon 2015 Data Breach Investigations Report
14 New and evolving threats
- Data Loss/Breach: Employee, customer and internal company data are primary targets of external and internal attacks. Top industries affected are public sector and financial services.
- Cloud: Controls and management are handed off to third parties and cloud presence increases the potential attack surface. Attacks against cloud providers have increased 40% in
- Insider Threat: Insider threat posed by current employees remains the second most frequently reported type of security incident. 55% of insider-related incidents were due to privilege abuse.
Source: /CIO & CSO Magazine Global State of Information Security Survey 2016 & Verizon 2015 Data Breach Investigations Report
15 New and evolving threats
- DDoS Attacks: Distributed Denial of Service (DDoS) attacks can disrupt business, resulting in immediate loss of revenue and long-term damage to reputation. Top industries affected are public sector, retail and financial services.
- Web App Attacks: Organized crime used Web App attacks as the primary attack vector. Bad coding habits provide an easy way in. 95% of web-based attacks used harvested user credentials stolen from user devices.
- Data Traversal: Use of personal file sharing services (e.g., Dropbox, Box, Google Drive) allows for sensitive data to leave the company unchecked. User error is responsible for half of all sensitive data losses, with policy violations accounting for 25%.
Source: /CIO & CSO Magazine Global State of Information Security Survey 2016 & Verizon 2015 Data Breach Investigations Report
16 New and evolving threats
- Crimeware: Availability of automated identity theft and social engineering tools focusing on theft of bank information or PII has put hacking abilities in the hands of the criminal element. Preconfigured rootkits, keyloggers, Trojans and bots can be downloaded in abundance from many websites.
- Physical Theft: Physical access to restricted company areas is the simplest and usually most effective way to penetrate their network defenses. The most effective way to prevent a physical access breach is to train employees to report unusual activity and challenge visitors.
- Ransomware: A tool for petty cyber-thieves, ransomware is expected to be on the rise in 2015/2016 and even harder to defend against. Practicing good cyber-hygiene is the most effective way of preventing ransomware (e.g., AV, safe browsing, anti-malware).
Source: /CIO & CSO Magazine Global State of Information Security Survey 2016 & Verizon 2015 Data Breach Investigations Report
17 Evolving perspectives
Considerations for businesses adapting to the new reality (Historical IT Security Perspectives compared with Today's Leading Cybersecurity Insights)
Scope of the challenge
- Historical: Limited to your four walls and the extended enterprise
- Today: Spans your interconnected global business ecosystem
Ownership and accountability
- Historical: IT led and operated
- Today: Business-aligned and owned; CEO and board accountable
Adversaries' characteristics
- Historical: One-off and opportunistic; motivated by notoriety, technical challenge, and individual gain
- Today: Organized, funded and targeted; motivated by economic, monetary and political gain
Information asset protection
- Historical: One-size-fits-all approach
- Today: Prioritize and protect your crown jewels
Defense posture
- Historical: Protect the perimeter; respond if attacked
- Today: Plan, monitor, and rapidly respond when attacked
Security intelligence and information sharing
- Historical: Keep to yourself
- Today: Public/private partnerships; collaboration with industry working groups
18 Top 5 Cloud Cybersecurity Use Cases - Where You Should Focus
1. Compromised Accounts (UBA) [Accounts]
2. Cloud Malware (Apps Firewall) [Apps]
3. Data Breach (Cloud DLP) [Data]
4. Compliance (Reporting/Policy)
5. SecOps & Forensics (Security Admin)
19 CISO priorities in the new Cloud stack
- Identity: Is the user who we think they are?
- Cloud: What's going on with Off-the-shelf & Homegrown Applications and Data in the cloud?
- Device: Which device is being used by which identity and for what purpose?
20 Keeping pace with the new reality
Key considerations: Operating in the global business ecosystem requires you to think differently about your security program and investments.
[Diagram labels: Risk and Impact Evaluation; Board, Audit Committee, and Executive Leadership; Business Alignment and Enablement; Investment Activities; Projects and Initiatives; Functions and Services; Security Strategy and Roadmap; Security Program, Resources and Capabilities; Resource Prioritization]
Engage and commit with the business
- Leadership, ownership, awareness and accountability for addressing the cyber-risks that threaten the business
- Alignment and enablement of business objectives
Rationalize and prioritize investments
- Critical assets are constantly evaluated given they are fundamental to the brand, business growth and competitive advantage
- Threats and impact to the business are considered as investment activities are contemplated
Transform and execute the security program
- New and enhanced capabilities are needed to meet the ever-changing cybersecurity challenges
- A comprehensive program must be built on a strong foundation and include proactive coordination and collaboration with the business
- The security implications related to the convergence of Information Technology, Operational Technology and Company Products and Services are addressed
21 Incorporating industry-leading components into your cybersecurity program
Solutions to enhance the effectiveness of your cybersecurity program:
- Threat modeling
- Critical asset protection
- Privacy and regulatory compliance
- Insider and third party risk
- Emerging technology
- Board & C-suite engagement
- M&A cyber diligence
- Operational technology security
- Secure product & service development
- Customer experience & trust
- Threat scenario planning
- Breach identification & analysis
- Incident & crisis readiness
- Forensic investigation
- Active defense & response
- Strategy development
- Capability maturity
- Portfolio & investment rationalization
- Organization redesign
- Advanced analytics detection & response
- Secure asset management
- Security architecture & operations
- Threat & vulnerability management
- Identity and access management
- Culture and communication
22 Cloud Security Architecture Framework
Framework layers: Cybersecurity Governance; Cybersecurity Program Operating Policies; Cybersecurity Management; User Management; Critical Asset Protection; Technology Protection & Resiliency
Components:
- Objective, Strategy (Business Case, Risk & Compliance)
- Sponsorship (Organizational posture, Ownership, Investment & ROI)
- Governance Organization, Competencies, People & Skills Management
- Business & IT Policies, Standards & Guidelines
- Business & Technical Architecture, Training & Awareness
- Data Privacy & Security (3rd Party Operations)
- Internal Organization (Roles & Responsibilities, Compliance)
- Risk, Operations & Incident Management Processes
- Third party management
- External Organization (3rd Party Risks & Contracts)
- SLA Monitoring
- Change Management
- Security Audit Logging & Monitoring
- Incident & End Point Protection Management
- User Lifecycle Management (Registration, Access Provisioning), Access Management (Authentication, Authorization, SSO, Federation)
- Secure Gateway (API security, XML based Firewall protection)
- Asset Inventory (Business, Systems and Applications)
- Sensitive Data Ownership & Classification (Data flows & Contextual Attributes)
- Acceptable Use, Internal & External Collaboration
- Data at rest/in transit Protection
- Encryption and Key Management
- Virtualization Security, Application Security
- API Management, Security model (SaaS, Public/Private/Hybrid Cloud), Threat & Vulnerability Management
- Cyber Response, and Business Continuity Planning
23 Questions Boards and CEOs should be asking
Enhancing their cybersecurity strategy and capability
1. Is our cybersecurity program aligned with our business strategy?
2. Do we have the capabilities to identify and advise on strategic threats and adversaries targeting us?
3. Can we explain our cybersecurity strategy to our stakeholders? Our investors? Our regulators? Our ecosystem partners?
Understanding and adapting to changes in the security risk environment
1. Do we know what information is most valuable to the business?
2. Do we know what our adversaries are after/what would they target?
3. Do we have an insider threat program? Is it inter-departmental?
4. Are we actively involved in relevant public-private partnerships?
Advance their security posture through a shared vision and culture
1. How was our last security crisis identified; in-house or government identified?
2. Who leads our incident and crisis management program? Is our program cross functional/inter-departmental?
3. How often are we briefed on our cyber initiatives? Do we understand the cyber risks associated with certain business decisions and related activities?
24 Lessons learned from recent retail and consumer events
The recent retail and consumer industry challenges apply to a broader set of companies and industry sectors.
- Attack Method - organized and coordinated efforts to exploit a known technical vulnerability in the core infrastructure
- Awareness - adversaries tested and enhanced their approach over the course of months before executing their campaign; intelligence sources communicated threat elements
- Detection - technical indicators were undetected during the attack sequence; additionally, as is often the case, third parties (e.g. law enforcement or the banks) detect the compromise, not the company
- Security Posture - known companies compromised were assumed to be compliant with industry standards (e.g. PCI DSS) -- compliance does not equal security
- Industry Exposure - attacks are often not limited to a single company; many companies within an industry sector share the same/similar profile and it is highly likely there are other targets and victims
25 Steps organizations can take to address Cybersecurity risks
Organizations can't eliminate the risk of cyber attacks, but they can minimize their consequences. Here are 5 things leading organizations do to combat cybersecurity risks.
1. Own the Risk: Cyber risk is owned by leadership and is not relegated to the IT function. Periodic cybersecurity briefings are provided to the Board and C-Suite.
2. Prioritize Initiatives: Leadership prioritizes and monitors cybersecurity investments. Investments are made in new capability, not just technology. Crown jewels have been identified and their protection prioritized.
3. Learn and Incorporate: Leading organizations work with various external parties, share information on current threats and incorporate learnings into their own cybersecurity strategy and tactics.
4. Enhance Culture: A security culture and mindset is established through training, measurement and evaluation. Behaviors and capabilities of the organization are established and reinforce the importance of cybersecurity.
5. Secure the Business: Security of the business value chain including suppliers, third party providers and high-risk interconnection points has been considered. Adapt to the challenges of new and emerging digital business models.
26 For more information, please contact Wendy Frank Principal, Advisory, Cybersecurity, Privacy & Risk Office (213) Visit to explore the data further. The Global State of Information Security is a registered trademark of International Data Group, Inc PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. refers to the United States member firm, and may sometimes refer to the network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationSecurity & privacy in the cloud; an easy road?
Security & privacy in the cloud; an easy road? A journey to the trusted cloud Martin Vliem CISSP, CISA National Security Officer Microsoft The Netherlands mvliem@microsoft.com THE SHIFT O L D W O R L D
More information20+ At risk and unready in an interconnected world
At risk and unready in an interconnected world Key findings from The Global State of Information Security Survey 2015 Cyber attacks against power and utilities organizations have transitioned from theoretical
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationThreat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA
www.pwc.com Vulnerability Management (TVM) Protecting IT assets through a comprehensive program Chicago IIA/ISACA 2 nd Annual Hacking Conference Introductions Paul Hinds Managing Director Cybersecurity
More informationTHE NEW FRONTIER FOR PROTECTING CORPORATE DATA IN THE CLOUD