Should Information Security be an essential element of Business Strategy?
- Kerrie Sherman
- 8 years ago
CRISIL YOUNG THOUGHT LEADER COMPETITION
Should Information Security be an essential element of Business Strategy?
PRIYANKA ARORA
XAVIER INSTITUTE OF MANAGEMENT, BHUBANESHWAR
MBA ( ) Contact:
TABLE OF CONTENTS
- Executive Summary
- Introduction
- Information Security
  - What is Information Security
  - Information Security as a Critical Component of Business Strategy
- Investing in Information Security
  - Pitfalls of inadequate focus on Information Security
  - Benefits of investing in Information Security Measures & Risk Mitigants
- Key Developments in Information Security- Riding the Security Wave
- Preparing for Tomorrow- Way Forward
  - Potential Catalysts and Roadblocks
  - Future of Information Security Architectures in Global Corporations
- Conclusion
- References

TABLE OF FIGURES
- Figure 1: Business Security Investments
- Figure 2: Strategic Security Initiatives
- Figure 3: Loss of Business Opportunities
- Figure 4: Benefits of Security Frameworks
Executive Summary

As the need of customers and clients for greater data access rises in an extremely connected world, the threat landscape in information architectures is also growing. Many organizations have become aware of such security breach opportunities and have taken sufficient precautionary measures to fortify their information security architecture; however, many of them still undermine the security investments for their organizations.

This paper attempts to assess the benefits and potential of information security architectures in an organization and examine whether they are an essential element of business strategy these days. Through extensive secondary research, efforts have been made to identify instances where the use of information security architecture has had transformational effects on an organization, and also how it is making its presence felt through its key developments and its future potential.

This paper is divided into two broad portions, which examine the existing and potential state of affairs of information security. In the initial portion of the report, information security is explained along with its current involvement and benefits in business organizations. Further, the key developments and the pitfalls of inadequate focus on the adoption of security frameworks are covered. The latter portion of this report demonstrates the future of information security architectures along with the potential catalysts and roadblocks in increasing emphasis in this domain. This paper ascertains that evolving information security architectures are the need of the hour for every business and must be implemented to have a sustainable competitive advantage.
1. Introduction

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." - Bruce Schneier

The above statement by Bruce Schneier highlights how, with growing technology, the threat environment has escalated dramatically. Today, information systems work continuously across the public and private domains to give us the digital life we are accustomed to. However, as the integration of IS has grown, there is an increased risk that emanates from the extreme reliance on the modern technology upon which the worldwide economies depend. To create a defensive system against various cyber-attacks and manage their sensitive data exposure, information security has become a keystone in almost all businesses.

According to a study conducted by Gerencser and Aguirre [1], in 2002 corporate security stood as a top management concern and averaged 7.5 on a 10-point scale in importance. Among the wide range of risks concerning CEOs, along with the challenging global growth environment, 61% of CEOs are most concerned about cyber threats, including lack of data security [2]. According to Gartner [3], by 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures. These numbers testify to the growing importance of information security for corporations in the wake of increasing cyber-security threats.

2. Information Security

2.1. What is Information Security?

Information Security is designed to handle risk management. According to ISO 17799, Information Security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

The US Code [4] probably contains the best definition: "The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide -
(A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
(B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
(C) availability, which means ensuring timely and reliable access to and use of information."
This definition highlights the harm caused to businesses or people if there is a disruption in the integrity, confidentiality or availability of information. It is based on the concept that it is the role of information security to minimize the possibility of such harms. As cyber security incidents continue to proliferate across the globe, there is an increasing acceptance of information security measures among organizations, as it is becoming clear that management of such threats is more essential than their elimination. In fact, Information Security is no longer just a special interest for those interested in technology but is increasingly being considered a matter of protecting society as a whole.

2.2. Information Security as a Critical Component of Business Strategy

Businesses are becoming aware of the rising information security threats and are investing in core safeguards to better protect their organizations against evolving threats. Below are snapshots of the involvement of business in security initiatives.

Figure 1: Business Security Investments (Source: PWC Report [9])

Figure 2: Strategic Security Initiatives (Source: PWC Report [9])

3. Investing in Information Security

3.1. Pitfalls of inadequate focus on Information Security

Many corporations simply endanger their businesses by not incorporating a cyber-risk-averse architecture and not spending enough on information security. However, the lack of a definite security spending strategy leaves organizations struggling to understand how much to spend on security and how to calculate the ROI on their security spend.

In 2007, Sony's senior vice president, Jason Spaltro, pointed out that "it's a valid business decision to accept the risk" of a security breach, further adding "I will not invest $10 million to avoid a possible $1 million loss." [5] This economic argument from Spaltro seems logical enough in terms of the return on investment achieved. However, if we see the security risk as the product of the security breach cost and the probability of its occurrence, we find that both the cost and the probability have increased, raising the risk on both fronts. Sony's short-sighted view in terms of negotiating privacy proved detrimental to it, as it faced a major cyber security attack which forced it to shut down its services for some time and tell more than 100 million registered users that their personal data might have been stolen.

Looking at similar past breach cases where security concerns have been neglected by corporations, we find that companies usually underestimate the likelihood of a breach in their future. Companies are making trade-offs in risk management. The point is that while doing so, they must make sure to weigh the implications of negotiating the privacy measures.

- Direct Monetary Losses: According to a study [6] by Kaspersky, damages from one successful targeted attack could cost a company as much as $2.54 million.
- Damage to Reputation and Value of the Organization: Damage to the reputation of the company may further lead to a stock price drop and loss of investors. Average reputational damages could total up to US$204,750 for an enterprise and up to US$8,653 for a small business. [7]
- Loss of Business Opportunities: This may arise from the nature and impact of the attack and may lead to loss of revenue and reduced profits. The average enterprise cyber-attack bill includes up to US$58,000 for loss in business opportunities. [7]
- Loss of Talent: As in the case of the Sony hack, due to bad publicity, many senior executives resigned.
- Legal Liabilities: These may arise, for example, from claims by the data subject or third party whose personal or confidential information has been disclosed or publicised. Directors may have personal liability for certain breaches.

3.2. Benefits of investing in Information Security Measures & Risk Mitigants

Malicious attacks and data breaches across multiple industries are a growing concern for businesses, especially in the age of cloud and analytics, which have been highly vulnerable to increasing security risks. A data breach can result in huge losses to organizations that go way beyond the financials and put the whole brand at stake. Despite this, as per the Ponemon study [8], only 38 percent of companies have a security strategy to protect their IT infrastructure. In fact, it also reveals that companies that have a strong security posture were able to reduce the cost by as much as $14 per record. [8]

| Estimated Average | SMB | Enterprises |
| Base 1, | | |
| Total Expected Damages | 33K | 636K |
| Total Reactive Spend | 10K | 84K |
| Overall Financial Impact | 42K | 720K |

Figure 3: Loss of Business Opportunities (Source: Kaspersky Lab Report [6])
Benefits of Investing in Information Security
- Compliance: Compliance with various legislation and contractual requirements shows the quickest return on investment.
- Competitive Advantage: Gives a marketing edge to the organization, especially if it handles clients' sensitive information.
- Lowering the Expenses: Investing in Information Security brings down the cost with the decreasing number of incidents.
- Optimizing Operations: Helps in the strengthening of the internal organization with the clear definition of tasks and responsibilities.

Figure 4: Benefits of Security Frameworks (Source: PWC Report [9])

4. Key Developments in Information Security- Riding the Security Wave

From viruses and adware to phishing and DDoS attacks, the information security industry has seen the sophistication and scale of attacks evolve in the past two decades. Below is a table showing how the threat and security landscape has developed in the past years.

- Reflection of the Past: In 1989, the Morris Worm and other early attacks, like the $70-million computer theft at the National Bank of Chicago, rang the bell in the security industry and led to the establishment of Computer Emergency Response Teams (CERTs) to address network security. The initial reactions from the industry were followed by many security products that helped in early prevention and detection.
- Threat Goes Global: In the 1990s, viruses were viral and infected millions of PCs, making the security industry fail globally. These threats led to the development of antivirus technology and firewalls, and to awareness among individuals and organizations of the dangers that come with the use of information technology.
- Target Breaches: The new millennium saw target breach attacks, with attacks in the likes of credit card information hacks, botnet attacks, denial-of-service attacks etc. The whole industry was exposed to the dire consequences of being unprotected, and hence there was a rise of more sophisticated security systems involving larger use of encryption, cryptography, digital signatures etc. Many laws and regulations, like HIPAA and the PCI Data Security Standard, were also created during this time.
- Modern Day: Today, we have reached a stage where cyber-threats are so sophisticated and developed that they sometimes seem impossible to tackle. Besides the technology development involving intrusion detection and prevention systems, content filters, layered defenses etc. to address the rising security threats, there is an increasing emphasis on building organizational resilience to such attacks and on other aftermath measures once a breach has occurred.

5. Preparing for Tomorrow- Way Forward

5.1. Potential Catalysts and Roadblocks

There is an increasing emphasis on implementing information security measures, where organizations can gain access to valuable opportunities by taking advantage of the potential catalysts and take a manageable risk assessment approach towards the potential roadblocks by knowing them well in advance.

Potential Catalysts

- Government Legislations and Regulations: Additional regulations and the regulatory costs levied by the government on organizations for not complying with security laws have prompted many companies to make information security their priority.
- Focus Beyond Data Leakage: There is a rise in focus on areas beyond data loss, and in this regard we see optimization of capabilities such as combining firewalls, URL filtering, and engaging encryption on the data objects etc. Many organizations are hiring third-party vendors for security consulting, advisory and assessment services. In fact, according to a Forrester report [10], the information security consulting services market leading pack's annual revenue is at least $60 million.
- Increased Awareness: With the increased awareness of the serious risks involved in cybersecurity, organizations are detecting more incidents and hence saving on huge anticipated information security losses. 44% and 64% more incidents were detected by large and medium sized organizations respectively [11].

Potential Roadblocks

- Organization Culture: Usually, all organization cultures resist changes no matter how inefficient the process is. Staff turnover is one of the additional reasons why security training amongst employees becomes a struggle. Also, accidental information leaks within organizations can occur even in the safest environments. Hence, security teams must emphasize giving the right security training, thus driving behaviour change in the culture in order to have the right focus on Information Security.
- Aware though not Beware: Citing the need for security after rising threats to data loss, many companies have taken serious steps; however, the majority is yet to follow. Companies are now fully aware of the implications of a security threat but place relatively low priority on security.
- Mobile Workforce and Wireless Computing: With the rising adoption of cloud/mobile/Internet of Things/webscale technologies, information security concerns also increase because the confidential information is really on the move and needs to be protected.

5.2. Future of Information Security Architectures in Global Corporations

Below we see the major positive security trends (the 4 E's) that are going to be visible in the near future.

- Encryption and self-protecting data: Many corporations are turning to encryption to protect their privacy, especially since the recent attacks. Apple has enabled full encryption in its new iOS, and Google's new Android version, Marshmallow, also makes full encryption a mandate for most new devices. In fact, we can expect this trend to grow in
- Emerging Machine Learning Technologies: With artificial intelligence almost everywhere, from Google to Siri to self-driving cars, we can expect machine learning to learn malware patterns and offset all the security threats. According to a recent article in InfoWorld [12], machine learning can be used not just to detect fraud but also for flagging network anomalies, tracking user behavior, or detecting zero-day malware.
- Empowering Visibility: There is an increasing need for organizations to monitor how, where and by whom their data is being used. This has led to the need for empowering the visibility of things in organizations, and in fact organizations have been concentrating their efforts in this area. As per NTT's GTI report [13], the security perimeter is shifting, with seven out of the top ten vulnerabilities identified at the end-user level.
- Extending control to Application Level: Many companies are in search of risk management strategies to manage the Bring-Your-Own-Device phenomenon. New application technologies like Mobile Application Wrappers are addressing this by extending security to the application level instead of the devices.

6. Conclusion

The utility of the emerging information technology trends is undeniable; however, they have security vulnerabilities associated with them which cannot be overlooked. Thus, we can admit that there is good, bad and ugly to the Information Technology landscape, and businesses must evolve in their security arena to have a sustainable competitive advantage.

- The Good: Information is on the move and of easy access, enabling organizations to be productive and promoting creativity, making new business outcomes possible.
- The Bad: With the data on the move, hackers are easily able to seize the blockades to reach the secure data, hence leaving almost all our information risky.
- The Ugly: Many corporations, even after becoming aware of the rising security risks, do not take a holistic approach towards security and thus leave their information unprotected.
References

[1] M. Gerencser and D. Aguirre, Security Concerns Prominent on CEO Agenda, Strategy + Business Press, 2002. URL:
[2] PwC, 18th Annual Global CEO Survey, 2015
[3] Gartner Press Release, URL:
[4] US Code Title 44, Chapter 35, Subchapter III, 3542, URL:
[5] Allan Holmes, The Complying Game, Vol/20, No/13(2007):48
[6] Kaspersky Lab, IT Security Risks Survey, 2014
[7] Kaspersky Lab, Businesses spend more than half a million U.S. Dollars to recover from a Cyber Attack, 2015 URL:
[8] Ponemon Institute, Company Data Breach now costs $3.5M on Average, 2014 URL:
[9] PWC, Turnaround and transformation in cybersecurity, 2016
[10] Forrester, The Forrester Wave: Information Security Consulting Services, 2016
[11] PWC, The Global State of Information Security Survey, 2015. URL: html
[12] Eric Knorr, Enterprise Tech Trends for 2016 and Beyond, URL: and-beyond.html
[13] NTT Group, Global Threat Intelligence Report,
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationTOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY
TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY An Inside Job Cyberthreats to your business are usually blamed on outsiders nefarious programmers writing malicious code designed to pilfer your
More informationFINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES
FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationCyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationDefending Against Cyber Security Threats to the Payment and Banking Systems
NYU Leonard N. Stern School of Business Master of Science Risk Management RISK MANAGEMENT SYMPOSIUM 2015 Defending Against Cyber Security Threats to the Payment and Banking Systems Andrew Koh Class of
More informationToday s Cybersecurity Technology: Is Your Business Getting Full Protection?
A WHITE PAPER SDX Technologies Today s Cybersecurity Technology: Is Your Business Getting Full Protection? 1 Today s Cybersecurity Technology EXECUTIVE SUMMARY Information technology has benefited virtually
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationState of Security Survey GLOBAL FINDINGS
2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationCyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties
Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)
More informationSecurity Defense Strategy Basics
Security Defense Strategy Basics Joseph E. Cannon, PhD Professor of Computer and Information Sciences Harrisburg University of Science and Technology Only two things in the water after dark. Gators and
More informationGlobal IT Security Risks
Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most
More informationCyber Risk to Help Shape Industry Trends in 2014
Cyber Risk to Help Shape Industry Trends in 2014 Rigzone Staff 12/18/2013 URL: http://www.rigzone.com/news/oil_gas/a/130621/cyber_risk_to_help_shape_industry_trends_i n_2014 The oil and gas industry s
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationSecure Computing s TrustedSource
The industry s most acclaimed reputation system Proactive security based on global intelligence. Secure Computing s TrustedSource One of the most important characteristics of enterprise security is proactive
More informationElevation of Mobile Security Risks in the Enterprise Threat Landscape
March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationCOMBATING CYBER THREATS: A HOW TO FOR THE CISO.
www.wipro.com COMBATING CYBER THREATS: A HOW TO FOR THE CISO. Gopinathan. K, Practice Head - Managed Security and Network Services, Global Infrastructure Services (GIS), Wipro Infotech Contents 02 -------------------------------------
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationCyber Security Competency Center
Cyber Security Competency Center Overview February 2014 1 Overview As data and information have become intertwined with our daily life; they can be fairly regarded as the top asset of companies around
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationwww.pwc.com/mt Internal Audit Takes On Emerging Technologies
www.pwc.com/mt In Internal Audit Takes On Emerging Technologies Contents Introduction 2 Cloud Computing & Internal Audit 3 Smart Devices/ Technology & Internal Audit 6 Social Media & Internal Audit 8 Cyber
More informationThe Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015
The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationBuilding a Business Case:
Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security
More informationManaging the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationCGI Cyber Risk Advisory and Management Services for Insurers
CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More information