CLE FOR LUNCH: MARITIME CYBERSECURITY


NYCLA CLE INSTITUTE

CLE FOR LUNCH: MARITIME CYBERSECURITY

Prepared in connection with a Continuing Legal Education course presented at New York County Lawyers Association, 14 Vesey Street, New York, NY, scheduled for January 29, 2015

Program Co-sponsor: NYCLA's Admiralty Committee

Faculty: Alan M. Weigel and Kate B. Belmont, Blank Rome LLP

This course has been approved in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 2 Transitional and Non-Transitional credit hours: 2 Professional Practice/Law Practice Management.

This program has been approved by the Board of Continuing Legal Education of the Supreme Court of New Jersey for 2 hours of total CLE credits. Of these, 0 qualify as hours of credit for ethics/professionalism, and 0 qualify as hours of credit toward certification in civil trial law, criminal law, workers' compensation law and/or matrimonial law.

ACCREDITED PROVIDER STATUS: NYCLA's CLE Institute is currently certified as an Accredited Provider of continuing legal education in the States of New York and New Jersey.


Information Regarding CLE Credits and Certification

CLE for Lunch: Maritime Cybersecurity
January 29, 2015; 12:20 PM to 2:00 PM

The New York State CLE Board Regulations require all accredited CLE providers to provide documentation that CLE course attendees are, in fact, present during the course. Please review the following NYCLA rules for MCLE credit allocation and certificate distribution.

i. You must sign in and note the time of arrival to receive your course materials and receive MCLE credit. The time will be verified by the Program Assistant.

ii. You will receive your MCLE certificate as you exit the room at the end of the course. The certificates will bear your name and will be arranged in alphabetical order on the tables directly outside the auditorium.

iii. If you arrive after the course has begun, you must sign in and note the time of your arrival. The time will be verified by the Program Assistant. If it has been determined that you will still receive educational value by attending a portion of the program, you will receive a pro-rated CLE certificate. Please note: We can only certify MCLE credit for the actual time you are in attendance.

iv. If you leave before the end of the course, you must sign out and enter the time you are leaving. The time will be verified by the Program Assistant. Again, if it has been determined that you received educational value from attending a portion of the program, your CLE credits will be pro-rated and the certificate will be mailed to you within one week.

v. If you leave early and do not sign out, we will assume that you left at the midpoint of the course. If it has been determined that you received educational value from the portion of the program you attended, we will pro-rate the credits accordingly, unless you can provide verification of course completion. Your certificate will be mailed to you within one week.

Thank you for choosing NYCLA as your CLE provider!


New York County Lawyers Association
Continuing Legal Education Institute
14 Vesey Street, New York, N.Y (212)

Admiralty In Committee: Maritime Cybersecurity
Thursday, January 29, :00 PM to 2:00 PM

Program Co-sponsor: NYCLA's Admiralty Law Committee

Faculty: Alan M. Weigel and Kate B. Belmont, Blank Rome LLP

AGENDA

12:00 PM to 12:20 PM: Lunch
12:20 PM to 1:45 PM: Discussion
1:45 PM to 2:00 PM: Questions and Answers


Working together, Blank Rome LLP and Good Harbor Security Risk Management LLC have teamed to provide a comprehensive solution for protecting your company's property and reputation from the unprecedented cybersecurity challenges present in today's global digital economy. Our multidisciplinary team of leading cybersecurity and data privacy professionals advises clients on the potential consequences of cybersecurity threats and how to implement comprehensive measures for mitigating cyber risks, prepares customized strategy and action plans, and provides ongoing support and maintenance to promote cybersecurity awareness.

Focused on corporate security solutions BECAUSE CYBERSECURITY RISKS ARE ENTERPRISE RISKS.

Blank Rome LLP, a nationally recognized Am Law 100 firm, and Good Harbor Security Risk Management LLC, a cyber risk consulting firm led by renowned cyber and national security expert Richard A. Clarke, assist our clients to combat the threat of cyber attacks. We can offer a privileged attorney-client relationship through which companies can identify and manage all of their security risks, protect their digital assets, and quickly respond to cyber threats while simultaneously protecting their efforts from discovery or inadvertent public disclosure.

"The only source of knowledge is experience." - Albert Einstein

A cyber attack can not only create devastating financial losses for your company, but also significant operational and reputational damages and costly lawsuits. Responsible cyber risk management requires a complex strategy of ongoing support to navigate any potential crises.

Experience That Matters

We provide the following services:

Advise the Board and senior management to identify the company's cyber risks, determine its risk appetite, and establish a culture and processes that incorporate risk into decision-making.

Provide customized Threat Awareness Exercises designed to increase awareness among senior management of the cybersecurity challenges facing your company and industry segment.

Conduct a crisis simulation designed to expose key decision makers to the realities of a true cyber incident and to test the strength of your cybersecurity defenses while identifying areas needing improvement.

Prepare a tailored Strategic Action Plan ("SAP") that enhances your organization's ability to mitigate cyber risk, successfully manage a cyber incident, and quickly return to maximum operational effectiveness.

Conduct a NIST Cybersecurity Framework Assessment to benchmark NIST alignment, apply the five NIST Framework Core functions and develop actionable milestones to help companies achieve their NIST Target Maturity Profile.

Provide ongoing cybersecurity support and maintenance through a variety of service offerings scalable to fit the needs of all companies.

To learn more about how we may help you, please contact any member of our team listed on page 11.

Steven L. Caponi, Esq.; Elizabeth A. Sloan, Esq.; Richard A. Clarke; Jacob Olcott; Emilian Papadopoulos

ONGOING SUPPORT AND MAINTENANCE

"Management is all about managing in the short term, while developing the plans for the long term." - Jack Welch

Yesterday's solutions are just that: solutions to solve yesterday's problems. But in today's world, cybersecurity risks and threats are changing every day. Malicious actors and hackers constantly alter techniques to avoid defensive measures and overcome industry best practices. Additionally, new regulations, guidelines, and litigation will continue to shape the cybersecurity landscape and the obligations required of your company.

As with the evolving nature of today's growing cyber threat, your SAP, cyber defenses, and best practices must also continue to evolve. Keeping abreast of the changing cybersecurity environment and regularly updating your company's SAP or protocols are essential to mitigating any potential cyber threats. To assist with these critical tasks, we provide our clients with a continuing relationship to help facilitate their awareness of the cybersecurity landscape and to help assist them with their ongoing cybersecurity maintenance.

Understanding that each client has different needs, we provide various levels of maintenance and support.

Our basic level provides a critical foundation of ongoing maintenance and support, which includes a monthly bulletin containing articles authored by our cybersecurity professionals that examine the recent and anticipated changes in the world of cybersecurity, including the current nature of the threat. Additionally, the bulletin will summarize recent litigation trends, case law, regulations, guidelines, proposed legislation, and other developments in the cybersecurity legal environment. This option also entitles your company to 5 hours per month of cybersecurity legal assistance from Blank Rome or cyber risk management assistance from Good Harbor, in the form of phone calls, requested research, or other legal support.

Building on the benefits detailed above, our next level of maintenance and support provides your company with an additional 5 hours per month (for a total of 10 hours per month) of Blank Rome legal assistance. We will also perform an annual risk assessment update and an annual ECCS to test the adequacy of your current SAP.

In addition to the aforementioned levels of cybersecurity support, we also offer supplemental services and benefits that are uniquely tailored to the individual needs of our clients. These supplemental services can consist of additional hours of support per month, periodic risk reviews, Executive Cyber Crisis Simulations, and updating your SAP.

BOARD OF DIRECTORS AND SENIOR MANAGEMENT CYBERSECURITY ASSESSMENT

Oversight of enterprise risks can be a challenge for many boards and senior management; yet, it is one of the most important responsibilities of the Board and C-Suite. Cyber threats can quickly devastate an organization and its ability to carry out its core functions. This threat has left many corporate leaders asking how they can do a better job overseeing the management of their organization's cyber risk exposure, and how they can improve board oversight to minimize the impact of a cyber incident.

We help senior leaders to discharge their risk oversight role by ensuring their organization's cyber risk management policies and procedures are consistent with the company's corporate strategy and risk appetite, and that these policies and procedures foster a culture of risk-adjusted decision-making. By conducting a thorough cybersecurity review for and with the C-Suite, we fully engage the board and senior management in the cyber risk mitigation process and assist them to:

Develop effective corporate governance structures, policies and procedures, including establishment of appropriate committees, for managing cybersecurity risks.

Identify the material cyber risks their company faces in a timely manner;

Implement appropriate cyber risk management strategies responsive to the company's risk profile, business strategies, specific material risk exposures and risk tolerance thresholds;

Integrate consideration of cybersecurity risk management into business decision-making throughout the organization; and

Transmit necessary information with respect to material cyber risks and events to senior executives and, as appropriate, to the board or relevant committees.

Following our review, we will deliver a detailed report containing specific recommendations for how your organization can improve its enterprise risk management effectiveness to address current and emerging cyber threats.

CYBER RISK MITIGATION EXERCISE

"Know your enemy and know yourself and you can fight a hundred battles without disaster." - Sun Tzu

Threat Awareness Exercise

Our Threat Awareness Exercise is an interactive presentation conducted by a senior member of the Good Harbor team and cybersecurity attorneys from Blank Rome to increase awareness of the cybersecurity threats your company and industry segment are facing. Through a thought-provoking analysis with your senior executive team, as well as other C-suite officers, we will cover the following issues in the workshop session:

Targets: An overview of who is being targeted and why. We will discuss the need for every company to understand its own threats and risks as a key part of an effective and resourceful strategy.

Industry Threats: A discussion of the unique threats and risks facing your company and specific industry sector, including who is conducting the attacks, the purpose of the attacks, the type of data being targeted, and an analysis of recent attacks in your sector.

Legal Implications: A high-level overview of the laws, regulations, and best practices relevant to your industry sector. We will also cover directors' and officers' liability, fiduciary obligations, and governance changes to ensure successful implementation of cybersecurity policies across your organization.

Command and Control: A review of why the directors and officers in your company need to understand the current cybersecurity threat landscape in order to mitigate and manage any potential risks. We will discuss the necessity of giving your technical security teams a proper level of support; testing and adopting cybersecurity plans, protocols, and a post-breach response plan; and implementing an internal reporting and review infrastructure to ensure compliance with the objectives articulated by management.

Following the Threat Awareness Exercise, our team will deliver a white paper outlining the over-arching cyber risk exposure for your company and industry sector, core cybersecurity threats, key takeaways from the exercise, and perceptions of the current and specific cybersecurity threat environment, as well as provide a report on sector-wide trends.

Executive Cyber Crisis Simulation

The Executive Cyber Crisis Simulation ("ECCS") can either be a stand-alone service or used to test the effectiveness of your cybersecurity SAP. The ECCS is a realistic simulation of a cyber breach led by Richard A. Clarke, Chairman of Good Harbor and a renowned cybersecurity expert, and Blank Rome's cybersecurity attorneys. The ECCS tests the management team's preparedness through a challenging, real-life scenario, but in a safe environment, with a focus on executives working collaboratively, uncovering capabilities and resources, and identifying areas for improvement in a constructive, low-risk environment. The ECCS is not designed to make individuals pass or fail, but rather to help the company improve its collective preparedness.

To simulate a real-life cyber breach, the ECCS will confront your senior executives with a barrage of rapidly changing facts coming from a multitude of sources, and force them to consider what decisions they would make. Throughout the exercise, we will explore the pros and cons of every critical decision, with the understanding that there are rarely any objectively right or wrong answers.

For companies without an existing SAP, the simulation will demonstrate the need for adopting one before a real incident occurs. For companies with an existing SAP, the exercise will test the adequacy of your current SAP protocols and identify areas needing improvement. By conducting the ECCS under the supervision of legal counsel, you will have peace of mind in knowing that your self-assessment will remain privileged and confidential.

Finally, our team will deliver an After Action Review memorandum with key findings, lessons learned, and recommendations from the exercise.

Before developing the simulation parameters, our team will gain an understanding of your organization, operations, and desired objectives to ensure that the exercise is realistic and aligned with your corporate priorities. Relying on this information, we will then design an interactive, engaging, multimedia ECCS that will help corporate leaders achieve the following key objectives:

Evaluate assumptions, capabilities, and the effectiveness of existing response planning.

Analyze cybersecurity measures to determine whether they comport with current laws, regulations, and contractual obligations.

Strengthen the awareness of senior leaders and crisis management teams regarding the need for response plans and the importance of crisis preparedness.

Consider whether the corporate fiduciaries have implemented the protocols, best practices, and information reporting structures necessary to minimize their personal liability.

Improve the ability of multiple teams from across the organization to communicate and work together quickly and effectively in a real crisis.

Following the ECCS, our team will hold a group debrief with the participants in an after action review meeting, which will extract the key lessons learned and allow our team to identify and articulate specific action items.

STRATEGIC ACTION PLAN

"Success depends upon previous preparation and without such preparation there is sure to be failure." - Confucius

Preparation and advanced planning separate those who succeed from those who fail in the face of a significant threat. In the world of cybersecurity, there is simply not enough time to consider your options after an attack or breach is detected. Consider the following:

Retail companies can expect to lose an average of $3.4 million in brand damage every hour their systems are offline.

Depending on the industry and nature of the data breach, brand value can decline by as much as 17 percent to 31 percent.

Publicly traded companies may experience a drop in their share price after announcing a breach.

To the extent that third-party data is involved, costs for a breach may include liability for stolen assets, repairs to information systems, and remediation expenses to address stolen identities.

A cyber thief using the average cable modem can transfer approximately 15,000 documents per second or nearly 100,000 per hour.

The magnitude and emergent nature of cybersecurity risks requires the adoption of a SAP before an incident occurs. Can your company afford to wait the 5, 10, or 24 hours it would take to locate your senior executives, apprise them of the developing situation, and answer all of their questions before obtaining direction on how to respond to a cyber breach?

Understanding that each client has a unique profile and different needs, we offer two programs to help assess your company's cyber risks and develop an effective SAP.

OPTION 1: Cyber Risk Profile and Recommendations

Preparing a comprehensive SAP requires a candid assessment of your company's cybersecurity risk profile ("Cyber Profile"). Your Cyber Profile is determined by considering the likelihood your company will suffer from a cyber attack, the potential severity of a breach, the sufficiency of your existing cybersecurity policies, and your company's crisis response policies. Every company will have a unique Cyber Profile, falling within a spectrum ranging from high- to low-risk. High-risk companies will be expected to implement more comprehensive defensive measures as compared to low-risk enterprises.

A company in the critical infrastructure sector, or one with particularly sensitive intellectual property, would be considered high-risk; for them, it is not a question of if they will be attacked, but rather of when and how frequently. Additionally, an attack on companies in these sectors can not only cripple their internal operations, but also have a ripple effect across the economy at large. Given the stakes, companies with a high-risk Cyber Profile will be expected to adopt rigorous policy procedures and crisis management plans to address the threats they face.

Our comprehensive Cyber Profile will help senior executives in your company to understand their unique cyber risk exposure and to mitigate the impact of a significant cyber event. Working collaboratively with your executives, we will assess the essential elements of your company's cyber risk status, cyber risk management strategy, corporate governance structure, policies and procedures, existing technologies, sector-specific risks, and crisis management protocols. We will then use our findings to identify significant gaps or areas needing improvement.

At the end of the assessment period, your company will receive an Executive Cyber Risk Profile Report. The report is a tailored analysis designed for C-suite executives that summarizes your company's current state of cybersecurity, outlines key findings, and includes recommendations for strengthening cyber defenses in a way that balances security considerations with operational needs. Your company can then use the report to create, enhance, or implement your own SAP on a schedule that is consistent with your operational needs.

OPTION 2: Cyber Risk Profile and SAP Implementation

If your company is seeking greater assistance in addressing cyber risks, this option includes the aforementioned Cyber Profile and allows our cybersecurity team to further build on the insights gleaned from the report by testing your company's cyber risk management programs against your material cyber risks. We will also perform a gap assessment and recommend specific changes in your company's policies, programs, and technologies to help mitigate those material risks and identify significant gaps or areas needing improvement.

Following our review, we will deliver a report containing a detailed SAP that is unique to your company, as well as work with you to implement the SAP. Included in our final report, you will receive the following:

Crown Jewels and Worst-Case Scenarios Identification Report: Identification of your company's most valuable assets and a forecast of worst-case scenarios to avoid, which are then weighted and mapped on a risk-tolerance scale and incorporated into the SAP.

Strategy Profile: Evaluation of whether your company's strategy and governance systems adequately address not only internal considerations and direct external risks, but also third-party risks, including supply chain security and vendor risk management.

Final Policies and Procedures Recommendations: Presentation detailing our execution plan to implement your company's SAP, as well as procedural recommendations to mitigate your most significant risks.

Technology Roadmap: Examination of the current state of your company's technology and legal issues, and a proposal of their future state to effectively implement the new policies.

NIST CYBERSECURITY FRAMEWORK ORIENTATION AND WORKSHOPS

On February 19, 2014, the National Institute of Standards and Technology ("NIST") released the long-awaited Framework for Improving Critical Infrastructure Cybersecurity (the "Cybersecurity Framework" or "Framework"). In part, the Cybersecurity Framework is intended to aid in the development of cybersecurity practices for managing cyber risks. Properly applied, the Cybersecurity Framework enables companies to create a blueprint for identifying potential threats, protecting themselves from cyber attacks, and quickly recovering if an attack occurs. At its core, the Cybersecurity Framework affirms the belief that cyber risks are enterprise risks that warrant the attention of C-suite executives.

Working with our clients, we utilize proven methods to apply the Cybersecurity Framework to develop specific protocols essential to secure the processes, information, and systems directly involved in the delivery of your critical services. Our methodologies include overlaying the Cybersecurity Framework on top of current cybersecurity practices to determine gaps and to develop a detailed roadmap to improvement.

We stand ready to provide our extensive experience to help our clients navigate the complex features of the Framework to help protect their core assets, minimize liability exposure, and reduce risks through our NIST Cybersecurity Framework services.

NIST Cybersecurity Framework Briefing

"By failing to prepare you are preparing to fail." - Benjamin Franklin

Through an interactive presentation, we work with our clients to explore and analyze the practical implications of the Cybersecurity Framework, including what it means for businesses, how it can be effectively applied, its purpose, and its objectives. Consisting of an orientation and series of workshops (typically one to three), the NIST Cybersecurity Framework Briefing is designed to help executives achieve several key objectives:

Understand the Cybersecurity Framework and how it is used by leading companies to manage cyber risk;

Understand how the Cybersecurity Framework can help manage and mitigate a wide range of liability, policy, and cyber threats facing companies;

Facilitate the unification of company leaders (e.g., the CEO, CFO, CIO, CISO, General Counsel, and senior officers for human resources, communications, and key business lines) around cyber risk management policies in a NIST context; and

Make key decisions regarding whether and how to use the Cybersecurity Framework to manage cyber risks.

Following the Briefing, our team will deliver a white paper that summarizes the collaborative discussion, outlines the purpose and objectives of the NIST compliance, reviews how companies in your industry sector are implementing the Cybersecurity Framework, provides key takeaways and recommends next steps for your organization.

The NIST Cybersecurity Framework Assessment

The NIST Cybersecurity Framework Assessment provides comprehensive services for companies seeking an independent assessment of their current cybersecurity practices to assess alignment with NIST, identify gaps and provide a tailored maturity rating for the company based on our unique methodology. We are also able to assist organizations that wish to conduct a self-assessment in the context of a NIST Framework risk management model. Under either assessment model, we help our clients determine their desired Target Market Profile and develop an action plan with improvement milestones and timelines to help the company achieve its Target Maturity Profile.

This independent NIST Cybersecurity Framework Assessment affords a helpful tool for companies whose cybersecurity is being reviewed by customers, vendors, investors, insurance carriers, or other third parties.

The Framework Core

The heart of the NIST Cybersecurity Framework Assessment is the application of the Framework Core, which is intended to identify a set of cybersecurity activities, desired outcomes, and applicable references that are common across your organization and industry sector. When applied correctly, the Core provides a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risks.

We assist clients in achieving this objective through applying the five concurrent and continuous NIST Framework Core Functions to your organization. Working in tandem with your leadership team, we utilize the Core Functions to guide your cyber risk mitigation:

Identify: Catalogue the resources necessary to support critical functions within your organization.

Protect: Articulate specific protocols to ensure the delivery of critical functions.

Detect: Identify methods for detecting cybersecurity threats at the early stage to minimize harm to critical functions.

Respond: Adopt procedures for responding to a cybersecurity event.

Recover: Develop contingencies for critical functions to ensure operational resilience.

Cybersecurity Profile

Our cybersecurity team works with senior management officials in your company to develop a Current NIST Cybersecurity Profile (the "Current Profile") in light of your current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints. The Current Profile reflects the business and security objectives identified through the application of the Framework Core.

Following the development of a Current Profile, we identify opportunities for improving your current cybersecurity posture (the "as-is" state) in order to achieve a Target Profile (the "to be" state). This analysis reflects your business drivers and risk tolerance to determine the cost-effectiveness of innovation.

Comparing the Current Profile and Target Profile, we generate an individualized roadmap for reducing cybersecurity risk that is aligned with your organizational and sector goals. The customized roadmap or gap analysis also reflects your legal/regulatory requirements, industry best practices, and risk management priorities. Our risk-based approach is designed to assist organizations in gauging how best to deploy their resources (e.g., staffing, funding) to achieve cybersecurity goals in a cost-effective and prioritized manner.

The development of a NIST Current and Target Profile is a critical step in aligning standards, guidelines, and practices across the organization to achieve the desired state of cybersecurity preparedness.

NIST Alignment Report

Following the NIST Cybersecurity Framework Assessment, we will deliver a comprehensive NIST Alignment Report that is unique to your organization. The report will identify and prioritize specific policies, practices, and procedures for the implementation of a continuous and repeatable cybersecurity management program. In this context, the report will also: (1) describe your current cybersecurity posture; (2) describe a target state for cybersecurity; (3) assess progress toward your target state; and (4) recommend procedures for effectively communicating among internal and external stakeholders regarding cybersecurity risk.

The NIST Alignment Report is intended to be a living document, which can and should be updated individually or with our assistance to reflect your organization's business drivers and security considerations.

While compliance with the Cybersecurity Framework is not yet mandatory, many in the business community have expressed their intent to support and adopt the Framework. Our NIST Alignment Report can be presented to business partners, government agencies, and insurance carriers as evidence of your organization's serious consideration of the Framework's recommendations and intent to reflect the Framework in an existing cybersecurity risk management process.

16 ONGOING SUPPORT AND MAINTENANCE

Yesterday's solutions are just that: solutions to solve yesterday's problems. But in today's world, cybersecurity risks and threats are changing every day. Malicious actors and hackers constantly alter techniques to avoid defensive measures and overcome industry best practices. Additionally, new regulations, guidelines, and litigation will continue to shape the cybersecurity landscape and the obligations required of your company. As with the evolving nature of today's growing cyber threat, your SAP, cyber defenses, and best practices must also continue to evolve. Keeping abreast of the changing cybersecurity environment and regularly updating your company's SAP or protocols are essential to mitigating any potential cyber threats. To assist with these critical tasks, we provide our clients with a continuing relationship to help facilitate their awareness of the cybersecurity landscape and to help assist them with their ongoing cybersecurity maintenance.

Understanding that each client has different needs, we provide various levels of maintenance and support.

Our basic level provides a critical foundation of ongoing maintenance and support, which includes a monthly bulletin containing articles authored by our cybersecurity professionals that examine the recent and anticipated changes in the world of cybersecurity, including the current nature of the threat. Additionally, the bulletin will summarize recent litigation trends, case law, regulations, guidelines, proposed legislation, and other developments in the cybersecurity legal environment. This option also entitles your company to 5 hours per month of cybersecurity legal assistance from Blank Rome or cyber risk management assistance from Good Harbor, in the form of phone calls, requested research, or other legal support.

Building on the benefits detailed above, our next level of maintenance and support provides your company with an additional 5 hours per month (for a total of 10 hours per month) of Blank Rome legal assistance. We will also perform an annual risk assessment update and an annual ECCS to test the adequacy of your current SAP.

In addition to the aforementioned levels of cybersecurity support, we also offer supplemental services and benefits that are uniquely tailored to the individual needs of our clients. These supplemental services can consist of additional hours of support per month, periodic risk reviews, Executive Cyber Crisis Simulations, and updating your SAP.

BOARD OF DIRECTORS AND SENIOR MANAGEMENT CYBERSECURITY ASSESSMENT

Oversight of enterprise risks can be a challenge for many boards and senior management; yet, it is one of the most important responsibilities of the Board and C-Suite. Cyber threats can quickly devastate an organization and its ability to carry out its core functions. This threat has left many corporate leaders asking how they can do a better job overseeing the management of their organization's cyber risk exposure, and how they can improve board oversight to minimize the impact of a cyber incident.

We help senior leaders to discharge their risk oversight role by ensuring their organization's cyber risk management policies and procedures are consistent with the company's corporate strategy and risk appetite, and that these policies and procedures foster a culture of risk-adjusted decision-making. By conducting a thorough cybersecurity review for and with the C-Suite, we fully engage the board and senior management in the cyber risk mitigation process and assist them to: Develop effective corporate governance structures, policies and procedures, including establishment of appropriate committees, for managing cybersecurity risks; Identify the material cyber risks their company faces in a timely manner; Implement appropriate cyber risk management strategies responsive to the company's risk profile, business strategies, specific material risk exposures and risk tolerance thresholds; Integrate consideration of cybersecurity risk management into business decision-making throughout the organization; and Transmit necessary information with respect to material cyber risks and events to senior executives and, as appropriate, to the board or relevant committees.

Following our review, we will deliver a detailed report containing specific recommendations for how your organization can improve its enterprise risk management effectiveness to address current and emerging cyber threats.

"Management is all about managing in the short term, while developing the plans for the long term." Jack Welch

17 Blank Rome LLP, a nationally recognized Am Law 100 firm, and Good Harbor Security Risk Management LLC, a cyber risk consulting firm led by renowned cyber and national security expert Richard A. Clarke, assist our clients to combat the threat of cyber attacks. We can offer a privileged attorney-client relationship through which companies can identify and manage all of their security risks, protect their digital assets, and quickly respond to cyber threats while simultaneously protecting their efforts from discovery or inadvertent public disclosure.

A cyber attack can not only create devastating financial losses for your company, but also significant operational and reputational damages and costly lawsuits. Responsible cyber risk management requires a complex strategy of ongoing support to navigate any potential crises.

We provide the following services:

Advise the Board and senior management to identify the company's cyber risks, determine its risk appetite, and establish a culture and processes that incorporate risk into decision-making.
Provide customized Threat Awareness Exercises designed to increase awareness among senior management of the cybersecurity challenges facing your company and industry segment.
Conduct a crisis simulation designed to expose key decision makers to the realities of a true cyber incident and to test the strength of your cybersecurity defenses while identifying areas needing improvement.
Prepare a tailored Strategic Action Plan ("SAP") that enhances your organization's ability to mitigate cyber risk, successfully manage a cyber incident, and quickly return to maximum operational effectiveness.
Conduct a NIST Cybersecurity Framework Assessment to benchmark NIST alignment, apply the five NIST Framework Core functions and develop actionable milestones to help companies achieve their NIST Target Maturity Profile.
Provide ongoing cybersecurity support and maintenance through a variety of service offerings scalable to fit the needs of all companies.

To learn more about how we may help you, please contact any member of our team listed on page 11.

Experience That Matters

"The only source of knowledge is experience." Albert Einstein

Steven L. Caponi, Esq.; Elizabeth A. Sloan, Esq.; Richard A. Clarke; Jacob Olcott; Emilian Papadopoulos

18 Working together, Blank Rome LLP and Good Harbor Security Risk Management LLC have teamed to provide a comprehensive solution for protecting your company's property and reputation from the unprecedented cybersecurity challenges present in today's global digital economy. Our multidisciplinary team of leading cybersecurity and data privacy professionals advises clients on the potential consequences of cybersecurity threats and how to implement comprehensive measures for mitigating cyber risks, prepares customized strategy and action plans, and provides ongoing support and maintenance to promote cybersecurity awareness.

Focused on corporate security solutions BECAUSE CYBERSECURITY RISKS ARE ENTERPRISE RISKS.

19 OCTOBER 2014 No. 3 MAINBRACE

INSIDE THIS ISSUE

Maritime Cybersecurity: A Growing Threat Goes Unanswered
Valuation in Maritime Chapter 11 Cases: Genco and NAV
Is the U.S. Prepared Legally and Operationally to Protect Its Arctic Interests?
Collection of Evidence in the U.S. for Use in Foreign Legal Proceedings under Section
Blank Rome Maritime Attorneys Co-Author Voyage Charters and Time Charters
Why Arbitration? Why Not?
Maritime Legislation Left Pending as Congress Exits Stage Right
YoungShip International Welcomes Texas and the United States!
International Politics and Maritime Law Collide in Texas

20 MAINBRACE 1 BLANK ROME LLP

Maritime Cybersecurity: A Growing Threat Goes Unanswered

By Steven L. Caponi (Partner) and Kate B. Belmont (Associate)

The maritime industry may be one of the oldest in the world, but in-depth reports issued by the United States Accountability Office ("GAO") and the European Network and Information Security Agency ("ENISA") confirm that our industry is as susceptible to cyber security risks as the most cutting-edge technology firms in Silicon Valley. With the ability to commandeer a ship, shut down a port or terminal, disclose highly confidential pricing documents, or alter manifests or container numbers, even a minor cyber attack can result in millions of dollars of lost business and third-party liability. Unfortunately, cybersecurity on board merchant vessels and at major ports is 10 to 20 years behind the curve compared with office-based computer systems and competing industries throughout the world. Like other industries critical to the global economy, such as the financial services sector and energy, it is time for the maritime industry to adopt a proactive response to the growing cybersecurity threat.

Economic and Security Perspectives

Although not yet treated as a significant business risk, cybersecurity has for some time been viewed as a considerable threat by the governmental agencies responsible for both national and international maritime security. In late 2011, ENISA issued a sobering report focused on the cybersecurity risks facing the maritime industry, and provided recommendations for how the maritime industry should respond. Unfortunately, the most recent report issued by the GAO in June of this year confirms that the threat has grown more significant, but that the maritime industry has failed to make cybersecurity a priority. Copies of both the ENISA and GAO reports can be obtained by visiting Blank Rome's cybersecurity blog, Cybersecuritylawwatch.com.
ENISA was prompted, in part, to issue its 2011 report because the maritime sector is universally viewed as critical to the security and prosperity of European society. ENISA noted that in 2010, 52 percent of the goods trafficked throughout Europe were carried by maritime transport, compared to only 45 percent a decade earlier. The ENISA report further noted that, throughout Europe, approximately 90% of EU external trade and more than 43% of the internal trade take place via maritime routes. The industries and services belonging to the maritime sector are responsible for approximately three to five percent of EU Gross Domestic Product. This vast amount of trade flows into and out of the numerous ports located in 22 EU member states.

From both an economic and security perspective, the ability to disrupt the flow of maritime goods in Europe or the United States would have a tremendous negative impact on the respective local economies, and would also be felt worldwide. According to ENISA, The three major European seaports (i.e., Rotterdam, Hamburg, and Antwerp) accounted in 2010 for 8% of overall world traffic volume, representing over million TEUs. Additionally, these ports carried in % of the international exports and 18% of the imports. For its part, the GAO noted that, as an essential element of America's critical infrastructure, the maritime industry operates approximately 360 commercial sea ports that handle more than $1.3 trillion in cargo annually. The Long Beach port alone services 2,000 vessels per year, carrying over 6.7 million TEUs, which accounts for one in five containers moving through all U.S. ports. Long Beach ranks among the top 21 busiest ports internationally, with significant connections to Asia, Australia, and Indonesia.
Given the interconnectivity of the maritime industry and paramount need to keep ports moving with speed and efficiency, a cyber attack on just one of the major EU or U.S. ports would send a significant negative ripple throughout the entire industry. With the ability to impact so many nations and peoples at once, the maritime industry presents a fruitful target for


More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Cyber Security and the Board of Directors

Cyber Security and the Board of Directors Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a

More information

the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group

the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group 54 Banking PersPective Quarter 2, 2014 Responsibility for the oversight of information security and

More information

ISO27032 Guidelines for Cyber Security

ISO27032 Guidelines for Cyber Security ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance

More information

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT) INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015

More information

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan

More information

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

Cyber security: Are consumer companies up to the challenge?

Cyber security: Are consumer companies up to the challenge? Cyber security: Are consumer companies up to the challenge? 1 Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com 1 Cyber security: Are consumer companies

More information

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on

More information

Partnership for Cyber Resilience

Partnership for Cyber Resilience Partnership for Cyber Resilience Principles for Cyber Resilience 1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space 2. Role of leadership: Encourage

More information

Getting real about cyber threats: where are you headed?

Getting real about cyber threats: where are you headed? Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

Written Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee -

Written Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee - Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing entitled Examining the Evolving Cyber Insurance Marketplace. Thursday, March 19, 2015 Written Testimony of Michael

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

America s New Cybersecurity Framework: Help or New Source of Exposure?

America s New Cybersecurity Framework: Help or New Source of Exposure? America s New Cybersecurity Framework: Help or New Source of Exposure? BY BEHNAM DAYANIM, RYAN NIER & ELIZABETH DORSI March 2014 Data theft is on the rise, and the federal government is concerned. In 2013

More information

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction

More information

A L awyer s G uide to M edical R ecords : U nderstanding the

A L awyer s G uide to M edical R ecords : U nderstanding the n s t i t u t e I N Y C L A - C L E A L awyer s G uide to M edical R ecords : U nderstanding the S tory T hey T ell and H ow to U se T hem Prepared in connection with a Continuing Legal Education course

More information

Crisis Prevention and Response Services. NYA International. Crisis Prevention and Response Services. Crisis Prevention and Response Services

Crisis Prevention and Response Services. NYA International. Crisis Prevention and Response Services. Crisis Prevention and Response Services NYA International B Effective risk management begins with a comprehensive understanding of the threat and an organisation s vulnerability, and the application of appropriate mitigation measures. Operating

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

Cybersecurity and the Threat to Your Company

Cybersecurity and the Threat to Your Company Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September

More information

The Path Ahead for Security Leaders

The Path Ahead for Security Leaders The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.

More information

Healthcare Security: Improving Network Defenses While Serving Patients

Healthcare Security: Improving Network Defenses While Serving Patients White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information