Cyber Risk Management with COBIT 5
|
|
- Lizbeth Jodie Flowers
- 7 years ago
- Views:
Transcription
1 Cyber Risk Management with COBIT 5 Marco Salvato CISA, CISM, CGEIT, CRISC, COBIT 5 Approved Trainer 1
2 Agenda Common definition of Cyber Risk and related topics Differences between Cyber Security and IS Security Understand the Cyber Warfare: the threats, the actors, the behavior and the motivations How ISACA support us dealing with the Cyber Risk 2
3 Security Risk? Cyber Risk Cyber Crime Cyber Resiliance 3
4 4
5 The Internet of Things (IoT) 5
6 Why we should take care about cyber risk How many cyber attacks are there in the world? 6
7 Why we should take care about cyber risk Ten Million Cyber attacks A Day (link) Cyber-attacks Cost $1 Million on Average to Resolve (link) 7
8 Norse Dark Intelligence 8
9 Digital Attack Map DDOS attack data from Google Datacenters + Arbor Networks 9
10 Cybersecurity definitions - ISACA The term Cyber Security addresses the governance, management and assurance that go beyond standard information security. Cybersecurity focuses on specific, highly sophisticated forms of attack and covers the technical and social aspects of the attack. Many definitions exist for cybersecurity, and the term is often misunderstood. The official EU definition follows: Cyber Security commonly refers to the safeguards and actions that can be used to protect the cyber domain, both in the civilian and military fields, from those threats that are associated with or that may harm its interdependent networks and information infrastructure. Cyber Security strives to preserve the availability and integrity of the networks and infrastructure and the confidentiality of the information contained therein. Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 10
11 Cybersecurity definitions - ISACA ISACA defines Cyber Security as follows: The protection of information assets by addressing threats to information that is processed, stored and transported by internetworked information systems. In its Transforming Cybersecurity publication, ISACA further describes Cyber Security as follows: Cyber Security encompasses all that protects enterprises and individuals from intentional attacks, breaches and incidents as well as the consequences. In practice, Cyber Security addresses primarily those types of attack, breach or incident that are targeted, sophisticated and difficult to detect or manage. the focus of Cyber Security is on what has become known as advanced persistent threats (APTs), cyberwarfare and their impact on enterprises and individuals. Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 11
12 Cybersecurity definitions - ISACA Cyber Risk is an ever-present threat, defined as any risk of financial loss, disruption or damage to the reputation of the organization from some sort of failure to its information technology systems. (Institute of Risk Management) It is possible to identify some main risk categories: losses due to cyber crime and cyber terrorism and cyber sabotage accidental loss of your own or someone else s data physical loss of systems (Critical information infrastructure break down) liability for your information/data (business data, online activities, s, ) Moreover, Cyber Risk is the risk arising from Cyber Crime, defined by Canadian Law is as follows: Crimes in which the computer is the target of the criminal activity; Crimes in which the computer is a tool used to commit the crime, and; Crimes in which the use of the computer is an incidental aspect of the commission of the crime. Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 12
13 Cybersecurity definitions - ISACA There are two similar characteristics between Cyber Risk and Cyber Crime: they all have a potential great impact they were all once considered improbable Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 13
14 Cyber Attack Taxonomy - ISACA Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 14
15 Information Security and Cybersecurity Focus (PESTLE) - ISACA Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 15
16 Attacks and Threat Levels - ISACA Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 16
17 The Threat Attack Techniques Source: McAfee Labs Threat s Report Report Fourth Quarter
18 The Threat Motivation Behind Attacks Source: McAfee Labs Threat s Report Report Fourth Quarter
19 The Threat Distribution of Targets Source: McAfee Labs Threat s Report Report Fourth Quarter
20 The Threat Source: McAfee Labs Threat s Report Report Fourth Quarter
21 The Threat 21
22 The Target Story (2014) Company background Founded in 1902 Second largest discount retailer in the US after Walmart Ranked 36 th on Fortune 500 (2013) 1,916 stores Revenue (2013) US$72.6 (Source: Wikipedia) The attack Attacked not the central systems of the company but Point Of Sales (PoS) systems. Targeted Windows OS used to acquire data from Card readers. The System perform data encryption in memory: the malware scans the machine memory for Credit Card data. Data is sent externally of the company Data is used for Card Cloning. Attack vector from external third party (Fazio Mechanical Service - FMS): Malware via Phishing to FMS No enterprise AV used Stolen credentials used to get inside Target systems via HVAC system of FMS in Target. (Source: McAfee Labs Threat Advisory EPOS data Theft) 22
23 The Target Story (2014) Timeline and costs 23 Dec Company sued by customers Phone scam campaign starts Phishing campaign start 28 Dec All card data stolen Also PIN 7 Feb Credit cards stolen reissued (@ 10$/card, expected 700M $) 18 Feb Target Security reports available from October 2013 but no action taken 24 Feb Share buy-back halted (4M $) 26 Feb Profit -46% for Quarter -5,3% sales Shares value -11% 5 March CIO Resign Compliance Office fired 18 March Target was PCI- DSS compliant: not enough July New CEO appointed Earning -20% Share value 20% Costs: 148M $ (38M $ covered by insurance) December 2013 January 2014 February March July 19 Dec Breach notice to 40M customers 10% discount offered Offered free credit checks to customers 10 Jan Damage perimeter re-estimated: 70M customers 13 Jan Malware detected and removed 22 Jan Lay off 475 employees Stop hiring of 700 planned employees 29 Jan Forensic analysis confirm usage of partner poor security for HVAC system to get inside the network (Fazio Mechanical) 26 March Target sued by banks to recover card reissuing costs Target security auditor sued April - June 100 lawsuits active Regulators investigations 23
24 The Target Story (2014) Stock effects 19 Dec Breach notify July Operative results published 26 March Bank sues Target 10 Jan 70M breach notify April - June Banks sues Target 24
25 Cybersecurity Governance Governance over cybersecurity has a much wider scope than governance over information security, due to the multiple facets of cybercrime and cyberwarfare. The cybersecurity governance framework covers enterprise security, social elements and technology. Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 25
26 ISACA & ENISA ISACA as a nonprofit, global membership association for IT and information systems professionals, ISACA is committed to providing its diverse constituency of more than 115,000 worldwide with the tools they need to achieve individual and organizational success. The benefits offered through our globally accepted research, certifications and community collaboration result in greater trust in, and value from, information systems. Through more than 200 chapters established in more than 80 countries, ISACA provides its members with education, resource sharing, advocacy, professional networking, and a host of other benefits on a local level. ENISA the European Union Agency for Network and Information Security, working for the EU Institutions and Member States. ENISA is the EU s response to these cyber security issues of the European Union. As such, it is the 'pace-setter' for Information Security in Europe, and a centre of expertise. The objective is to make ENISA s web site the European hub for exchange of information, best practices and knowledge in the field of Information Security. This web site is an access point to the EU Member States and other actors in this field. 'ENISA- Securing Europe's Information Society' 26
27 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation Series 27
28 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 28
29 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation Series 29
30 ISACA Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 30
31 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation Series 31
32 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation Series 32
33 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation 33
34 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 34
35 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 35
36 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 36
37 ENISA Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 37
38 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 38
39 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 39
40 ISACA European Cybersecurity Implementation Series Source: ISACA, 2014, European Cybersecurity Implementation Series, European Cybersecurity Implementation: Overview 40
41 41
42 Cybersecurity Nexus 42
43 In conclusione ISACA ha concentrato i propri sforzi nella realizzazione di molte pubblicazioni sul tema, tra cui la European Cybersecurity Implementation Series, per fornire un supporto all implementazione della sicurezza informatica, in linea con i requisiti europei e le good practise internazionali. Per maggiori informazioni, visitate: Domande? 43
WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationTHE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW
www.isaca.org/cyber THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW ROBERT E STROUD CGEIT CRISC INTERNATIONAL PRESIDENT ISACA & VP STRATEGY & INNOVATION CA TECHNOLOGIES February 2015 ISACA
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationISACA S CYBERSECURITY NEXUS (CSX) October 2015
ISACA S CYBERSECURITY NEXUS (CSX) October 2015 DO2 EXECUTIVE OVERVIEW Will you be a Cyber defender? ISACA launched the Cybersecurity Nexus (CSX) program earlier this year. CSX, developed in collaboration
More informationCYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA
CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA Robert Stroud International President, ISACA VP Strategy & Innovation, CA Technologies
More informationCybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
More informationNew challenges in Data privacy.
New challenges in Data privacy. Zdravko Stoychev, CISM CRISC Information Security Officer Alpha Bank Bulgaria branch South East European Regional Forum on Cybersecurity and Cybercrime, 2013 11-13 Nov 2013
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationHans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA
Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA HANS HENRIK BERTHING Married with Louise and dad for Dagmar and Johannes CPA, CRISC, CGEIT, CISA and CIA ISO 9000 Lead Auditor Partner and owner for Verifica
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationExecutive Cyber Security Training. One Day Training Course
Executive Cyber Security Training One Day Training Course INTRODUCING EXECUTIVE CYBER SECURITY TRAINING So what is all this we hear in the media about cyber threats? How can an organization understand
More informationHOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE
HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE ISACA S CYBER SECURITY NEXUS Ivan Sanchez-Lopez Senior Manager Information Security, IT Risk & Continuity, DHL Global Forwarding ISACA Luxembourg
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationNorth Texas ISSA CISO Roundtable
North Texas ISSA CISO Roundtable Roundtable Topic Threat Against Our Well Being The Most Effective Methods in Combating and Responding to the Cyber Attack Event Sponsor Moderator and Panelists David Stanton
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationCYBERSECURITY NEXUS CSX. 15 October 2014 ISACA Winchester Chapter
CYBERSECURITY NEXUS CSX 15 October 2014 ISACA Winchester Chapter INTRODUCTION Career International Brewer, various roles (1991-1996) KPMG, IT Risk Service Line Leader (1996-2012) Betfair, Head of Governance,
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat
More informationCYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts
CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationKEY TRENDS AND DRIVERS OF SECURITY
CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationWhat Directors need to know about Cybersecurity?
What Directors need to know about Cybersecurity? W HAT I S C YBERSECURITY? PRESENTED BY: UTAH BANKERS ASSOCIATION AND JON WALDMAN PARTNER, SENIOR IS CONSULTANT - SBS 1 Contact Information Jon Waldman Partner,
More informationPresented By: Corporate Security Information Security Treasury Management
Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationPrepare Yourself for the Digital Battlefield. Christopher May. 27 Feb 2014
Prepare Yourself for the Digital Battlefield Christopher May 27 Feb 2014 2014 Carnegie Mellon University Overview Who is this guy? What is the Digital Battlefield? Why do I want to work in Cyber Security?
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationBuilding The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationNuclear Security Requires Cyber Security
Nuclear Security Requires Cyber Security A. DAVID MCKINNON, PH.D., MARY SUE HOXIE Cyber Physical Security Team, National Security Directorate Project on Nuclear Issues (PONI) Fall 2015 Conference PNNL-SA-113027
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationwww.pwc.com/cybersecurity Cybersecurity and Cloud Briefing December 3, 2015
www.pwc.com/cybersecurity Cybersecurity and Cloud Briefing Wendy L. Frank, principal,, Advisory, Cybersecurity, Privacy and Risk wendy.l.frank@pwc.com Office (213) 217-3615 Former Chief Security Officer
More informationData Security Breach. How to Respond
Data Security Breach How to Respond About ERM About The Speaker Information Security Director at ERM CISSP, CISA, CRISC, PCIP, PCI-QSA Core Experience: Information Assurance Computer Forensics Penetration
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationRETHINKING ORC: NRF S CYBER SECURITY EFFORTS. OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015
RETHINKING ORC: NRF S CYBER SECURITY EFFORTS OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015 No Organization is Secure Source: http://www.informationisbeautiful.net An Average
More informationCybernetic Global Intelligence. Service Information Package
Cybernetic Global Intelligence Service Information Package / 2015 Content Who we are Our mission Message from the CEO Our services 01 02 02 03 Managed Security Services Penetration Testing Security Audit
More informationExercising Your Enterprise Cyber Response Crisis Management Capabilities
Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.
More informationOver 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationCSM-ACE 2014 Cyber Threat Intelligence Driven Environments
CSM-ACE 2014 Cyber Threat Intelligence Driven Environments Presented by James Calder Client Services Manager, Singapore 1 CONTENTS Digital criminality Intelligence-led security Shylock case study Making
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationFINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES
FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world
More informationStrategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013
Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationAuditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement
Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationMEETING THE NATION S INFORMATION SECURITY CHALLENGES
MEETING THE NATION S INFORMATION SECURITY CHALLENGES TO ADDRESS SKILLS AND WORKFORCE SHORTAGES IN THE INFORMATION SECURITY INDUSTRY, THE NATIONAL SECURITY AGENCY AND THE DEPARTMENT OF HOMELAND SECURITY
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationRethinking Cyber Security Threats
Rethinking Cyber Security Threats (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 Frank Chow CISSP ISSAP ISSMP CSSLP CGEIT CRISC CISM CISA Chairperson of Professional Information
More informationCYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationCloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority
Cloud Security Standards Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Introduction Sign Off December 2012 Information Technology Authority
More informationAs global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationHacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows
Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber
More informationTURNING THE RISING TIDE OF CYBERSECURITY THREATS
TURNING THE RISING TIDE OF CYBERSECURITY THREATS With cyber attacks on the rise, there s a growing need for digital forensic professionals with the knowledge and skills to investigate technology crimes
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationAalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014
Aalborg Universitet Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication
More informationAn New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com
An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty
More informationYour Customers Want Secure Access
FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers
More information2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationSecurity Intelligence Services. Cybersecurity training. www.kaspersky.com
Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative
More informationCyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties
Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationRisks and Rewards of the Internet of Things. Findings From ISACA s 2013 IT Risk/Reward Barometer
Risks and Rewards of the Internet of Things Findings From ISACA s 2013 IT Risk/Reward Barometer The world is increasingly being populated by connected devices that collect and share information over the
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationExecutive Management of Information Security
WHITE PAPER Executive Management of Information Security _experience the commitment Entire contents 2004, 2010 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationCyber Security 2014 SECURE BANKING SOLUTIONS, LLC
Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information
More informationCybersecurity Strategy of the Republic of Cyprus
Policy Document Cybersecurity Strategy of the Republic of Cyprus Network and Information Security and Protection of Critical Information Infrastructures Version 1.0 23 April 2012 TABLE OF CONTENTS EXECUTIVE
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationCyber Security. The changing landscape. Financial Sector. March 4-5, 2014
Cyber Security Discussioni The changing landscape 2nd Information Security Workshop for Financial Sector March 4-5, 2014 Agenda Agenda How vulnerable is the banking sector Closer look at the security threat
More informationTHE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY
THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY BY DR. BRIAN MCELYEA AND DR. EMILY DARRAJ Approved for Public Release: Case # 16-0276 NORTHROP GRUMMAN WHITE PAPER 2016 Northrop Grumman
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationAnalytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.
18th Annual Space & Missile Defense Symposium IAMD Evolution and Integration/Key Topic: Predictive Cyber Threat Analysis Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.
More informationIT risk management discussion 2013 PIAA Leadership Camp May 15, 2013
IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2
More informationHow To Cover A Data Breach In The European Market
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
More informationHow to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors
How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationCollateral Effects of Cyberwar
Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global
More informationWhat s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security
What s Lurking in Your Network & The Business Impact of Data Breaches Colby Clark Director of Incident Management FishNet Security Who am I? Colby Clark is the Director of Incident Management at Fishnet
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationU. S. Attorney Office Northern District of Texas March 2013
U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate
More informationCyber Security Risks for Banking Institutions.
Cyber Security Risks for Banking Institutions. September 8, 2014 1 Administrative CPE regulations require that online participants take part in online questions Must respond to a minimum of four questions
More informationAttackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only
Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors Microsoft Confidential for internal use only Wall Street Journal, JP Morgan, Lockheed, Bushehr nuclear
More informationThe EU s approach to Cyber Security and Defence
Workshop "Cyberwar & Cyberpeace Berlin, 23 Oct 15 Wolfgang Röhrig EDA Programme Manager Cyber Defence Woilfgang.Roehrig@eda.europa.eu +32 (0)2 504 2966 Political & Strategic Framework Dual-Use Specific
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationStatement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives
Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations
More informationTHE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED
THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED THE CYBER SECURITY PLAYBOOK 2 03 Introduction 04 Changing Roles, Changing Threat
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More informationDISCLAIMER AND NOTICES
DISCLAIMER AND NOTICES The opinions expressed in this presentation are those of the author and presenter alone. They do not represent the views of any other entity. Nothing in this presentation should
More informationRe: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )
10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More information