Surviving Contact with Reality
Crisis exercises as a key element of cyber incident and crisis management response.
- Dominic Malone
What Happened to the Dinosaurs: Avoiding the Extinction-Level Event

Corporations occasionally face dramatic, even extinction-level crises that defy incident response plans housed in a single department, or present contingencies that have no prior planning. These events don't happen often, but when they do, they can damage share price, reputation, and careers from the Board, the C-Suite, and many other positions further down the corporate ladder.

How does this happen? Research indicates that these risk events are typically complex, beyond the company's risk controls, and are often an outgrowth of increasing interconnectivity within a company across departments and geographies. However, all too frequently companies are unprepared and react reflexively, often failing to consider: who should be in the room making decisions; how emerging issues should be prioritized; and how to think strategically beyond the next 24 hours. A sluggish or clumsy response can escalate an incident into a crisis, and as recent headlines show, sometimes a poorly planned or executed solution can be more damaging than the crisis it is meant to solve.

The past few years unquestionably demonstrate that a cybersecurity event is just such an example. Headlines read weekly of public disclosures of confidential data, theft of intellectual property by hackers or insiders, or large-scale cybercrime resulting in the loss of millions of consumers' data. Immediate responses to cybersecurity incidents are often led by technicians in the information technology (IT) group, often without an incident response plan that considers business risk.
But as a handful of CEOs have found while under fire, an effective crisis response requires the skills, knowledge, and experience of a range of corporate functions working in concert: legal, human resources, media and public relations, communications, privacy counsel, audit and risk, finance, corporate security, regulatory and law enforcement relations, shareholder relations, as well as the front line business units and regional management. Many of these stakeholders are not part of the weekly information security meetings or are unaware of contingency plans; however, in a true cybersecurity crisis, a non-technical stakeholder may be in the best position to lead, set priorities and make decisions that benefit the business and protect its brand and shareholder value.

What sets companies apart these days is not whether they have been breached; breaches have never been more common or more public. However, companies avoid extinction based on how quickly and effectively they respond, set priorities, anticipate emerging issues, communicate, and get in front of a hack. Speed and information sharing are of the essence, and precious time and opportunities are often lost in the early days of a crisis getting organized rather than getting the issue resolved. Such delays can have a material impact on the bottom line: nearly 50% of companies that experience a crisis see their share prices fall within a day [i]; however, research shows that a well-prepared executive out in front of the crisis discussing it can help recover share price. [ii]

As companies see their peers in the news and monitor their own networks, many are taking a proactive approach to preparing for this inevitable risk event, in the hopes of minimizing the impact and avoiding a protracted crisis. One mechanism by which companies better understand how they will function in a crisis is through crisis management exercises.
A carefully-chosen crisis scenario, a cross-functional group of stakeholders, and objective facilitation through an exercise can highlight key corporate strengths, vulnerabilities, and a way forward to improve capabilities before a crisis hits. Regular exercises to test different responses or various parts of the company instill an awareness and cohesion amongst stakeholders that cannot be conveyed through paper plans alone.

"If you are the leader of a business, you should know how strong your company's defenses are, you should know if there are response plans in place in case a significant security breach occurs, and you should be getting regular reports on cyber security threats and what your company is doing to respond to those threats."
- Secretary of the Treasury Jacob Lew, July 16, 2014

PwC
Plans are nothing; Planning is everything

Exercises are a highly effective tool in incident response and crisis management, and companies should build regular exercises and testing into their cybersecurity programs. However, companies often make the error of compiling multiple plans driven by different scenarios, and testing these specific plans. To be sure, those who plan against specific scenarios will be highly trained for those scenarios. However, to paraphrase a Prussian general, plans do not survive first contact with reality. Reality tends to present incident responders and crisis managers with unforeseen circumstances.

The process (the plan for a plan) that comes of a regular exercise program is far more valuable than the plans it produces. It generates muscle memory for incident response, making the process, the environment, and the decision-making construct second nature to the stakeholders who will be under pressure in a crisis, so they can focus on solving the issue at hand.

Exercise programs with sessions ranging from small table-tops to large-scale drills can help provide a number of benefits that can strengthen a company's cybersecurity preparedness and incident response capability. An exercise program establishes and familiarizes the cadre of stakeholders who would be involved in a crisis, typically around a small skeleton crew who will be present to facilitate activities and logistics. However, different crises call for a different mix of skills and information. An exercise program establishes a process to identify and quickly bring to bear the roles, skills, and experience needed, based on limited information.
Exercise programs in which the company is tested in a safe environment can produce a number of additional benefits: a more robust process for setting priorities and making decisions among complex and competing demands; an adaptive ability to focus on urgent issues while anticipating what might lie over the horizon; building trust among cross-functional leadership; and finally, creating a compelling platform for Board and C-Suite awareness of the corporation's resilience writ large. The findings of an exercise provide an excellent snapshot, not just of the company's response capabilities, but the issues that might confront corporate executive leadership and the roles they may have to play.

[Figure: impact over time after a crisis event (damage to financial results, reputation and key relationships; lost time/productivity), with crisis management versus without crisis management.]
What Corporations Should Do

Corporations should integrate a program for regular crisis management exercises as a central element of their cybersecurity and incident response strategy. This program would convene regular table-top exercises examining specific scenarios and pressure-testing incident response plans, identifying gaps and shortfalls in the plans. However, the outcome of such a program is more than a set of plans; it produces benefits across three key areas:

- People. An established, trained, and familiar cadre of cyber incident responders drawn from the complete set of stakeholders, technical and non-technical, who would be called upon across the company in the event of a major cyber breach;
- Process. A safe environment to identify, explore, and understand how unexpected issues might confront the company, accelerate and escalate in the event of a major cyber breach, so stakeholders can learn the right questions to ask and the right experts to convene;
- Continuous improvement. A strategy to practice and pressure-test incident response policies and procedures, identify gaps and shortfalls, share leading practices, and improve on the company's information sharing and preparedness for major cybersecurity events.

Corporate cybersecurity leaders, whether in the IT department or Audit committee, can evaluate the effectiveness of such a program using these and other metrics that indicate evolving states of preparedness:

- Subject matter expert identification: knowing how to determine, often with very few facts, who should be in the room, from both a technical and business perspective;
- Realistic yet extreme scenarios: constructing and exploring scenarios that are plausible, yet designed to push the company to a breaking point in order to determine how people and processes hold up under pressure;
- Policy and process use: identifying and deploying the right policies, processes, and technology that may be relevant in a crisis, including operational, safety, regulatory, legal, brand, communications and media, international, etc.;
- Communications: examining how the stakeholders, and by extension the company, choose to communicate across the company and to external stakeholders, including customers, partners, vendors, and of course, employees.

Crisis management exercises and the learning that results are valuable for C-Suites and Boards seeking to understand the true risk profile of the companies to which they have a fiduciary responsibility to manage risk, be they around the cyber security issues that populate today's headlines or the threats yet to emerge. By bringing together key decision makers from across the company and simulating a realistic but expansive hypothetical scenario that pushes participants beyond their daily roles, the corporation better understands how it must work in concert during a real-world crisis when shareholder value and company priorities are at stake. A regular exercise cadence may help ensure lessons are not lost and reinforces the message that management understands what is at risk in today's market, and is prepared to respond.
How PwC Can Help

PwC assists companies in many facets of cybersecurity strategy and execution, including integrating crisis management exercises into your program. Our technical, investigative, and crisis management specialists in Cybercrime and Strategic Threat Management are actively helping companies develop, implement and test their incident response and crisis management programs, with a view towards a regular testing regime with results reported to the Board.

PwC's specialists leverage our Threat Intelligence Fusion Center and Strategic Threat Management experience to evaluate your existing plans against real-world threats, use technical threat intelligence to create realistic scenarios that identify how cyber threats can impact business areas, and facilitate small and large groups of executives and staff through a range of exercises, from small group discussions to live-fire drills and technical tests. We combine this with our subject-matter expertise in your regulatory environment, our industry-specific experience and our knowledge of your values, priorities, and challenges in your industry and the markets you serve. Our exercise reports highlight key strengths and vulnerabilities, create awareness among corporate executives, and provide tangible recommendations so you can begin to improve your response capabilities immediately.
To have a deeper conversation, please contact:

Neal Pollard, Director, neal.a.pollard@us.pwc.com
Marissa Michel, Director, marissa.o.michel@us.pwc.com
David Burg, Principal, US and Global Cybersecurity Leader, david.b.burg@us.pwc.com
George Prokop, Managing Director, Strategic Threat Management, George.prokop@us.pwc.com
Shane Sims, Principal, Cybersecurity, shane.sims@us.pwc.com
Glenn Ware, Principal, Corporate Intelligence, glenn.t.ware@us.pwc.com

[i] Freshfields Bruckhaus Deringer, Knowing the Risks, Protecting Your Business, Nov On the web at
[ii] Precise UK. The Story of a Crisis, June/July On the web at

PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the United States member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.
More informationImplement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.
Security solutions To support your business objectives Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives. For an On Demand Business, security
More informationServices. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
More informationPrepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015
Prepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015 CONTENTS: PROGRAM SCHEDULE... 11 FACULTY BIOS... 19 1. Big Picture Cyber: Threats, Vulnerabilities and
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationBuilding the business case for continuity and resiliency
Global Technology Services Research Analysis Risk Management Building the business case for continuity and resiliency The economics of IT risk and reputation and their importance to business continuity
More informationSecuring Internet Payments across Europe. Guidelines for Detecting and Preventing Fraud
Securing Internet Payments across Europe Guidelines for Detecting and Preventing Fraud Table of Contents Executive Summary Protecting Internet Payments: A Top Priority for All Stakeholders European Central
More informationUK TESTING ECOSYSTEM FOR CONNECTED AND AUTONOMOUS VEHICLES. A call for evidence MAY 2016
UK TESTING ECOSYSTEM FOR CONNECTED AND AUTONOMOUS VEHICLES A call for evidence MAY 2016 Contents UK testing ecosystem for connected and autonomous vehicles... 3 1. Foreword... 4 2. Executive summary...
More informationCyber crisis management: A bold approach to a bold and shadowy nemesis
August 2011 Cyber crisis management: A bold approach to a bold and shadowy nemesis Table of contents The heart of the matter 2 Cyber crisis management: A new philosophy and approach to incident response
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationEnterprises are transforming, market place priorities are changing, Is your business ready?
Enterprises are transforming, market place priorities are changing, Is your business ready? Presented by: Mike Errity, Vice President IBM Resiliency Services merrity@us.ibm.com Twitter: @MikeErrity 1 14th
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationCustomer effectiveness
www.pwc.com/sap Customer effectiveness PwC SAP Consulting Services Advance your ability to win, keep and deepen relationships with your customers. Are your customers satisfied? How do you know? Five leading
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationHR Business Consulting Optimizing your HR service delivery
HR Business Consulting Optimizing your HR service delivery NorthgateArinso Business Consulting provides HR executives with unique insight to optimize the cost of HR service delivery, improve employee engagement,
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationHIGH ON THE RISK RADAR REPUTATION RISK
BUSINESS MANAGEMENT HIGH ON THE RISK RADAR REPUTATION RISK Reputation risk is top of mind for executive management, so here s how to manage it effectively. Words by Liz Brown Reputation risk it s not new,
More informationCHIEF COMMUNICATIONS OFFICERS FIRST 100 DAYS
CHIEF COMMUNICATIONS OFFICERS FIRST 100 DAYS CHIEF COMMUNICATIONS OFFICERS FIRST 100 DAYS Chief Communications Officers: First 100 Days is Weber Shandwick s second mini-book in its Thought Leadership series.
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationIs Your Company Ready for a Big Data Breach?
Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication
More informationWhat sets breakthrough innovators apart PwC s Global Innovation Survey 2013: US Summary
What sets breakthrough innovators apart PwC s Global Innovation Survey 2013: US Summary www.pwc.com/innovationsurvey 60% $250b The top innovators in our study plan to grow by more than 60 percent over
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationCybersecurity and Corporate America: Finding Opportunities in the New Executive Order
Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationTEST MANAGEMENT SOLUTION Buyer s Guide WHITEPAPER. Real-Time Test Management
TEST MANAGEMENT SOLUTION Buyer s Guide WHITEPAPER Real-Time Test Management How to Select the Best Test Management Vendor? The implementation of a Test Management system to automate business processes
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More information