Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.


Executive Summary

With annual industry expenditures for technology topping an estimated $30 billion, the banking industry clearly relies on technology to better serve customers. This dependence has continued to grow since the Internet and e-commerce exploded in the 1990s. The unintended consequence of this reliance on computers is exposure to data breaches.

Why do breaches occur? In speaking with customers and reviewing existing research, a majority of breaches in banking occur for three reasons:
1. Outsourced data
2. Hacking is a lucrative business
3. Employee retribution

Why should the banking industry care? The banking industry should be particularly interested in mitigating data breaches because of:
1. The cost to fix
2. Brand blemish
3. Intellectual property
4. Regulations/laws
5. Mandates
6. Standards/controls

Attenuate breach impacts. Because it typically takes attackers days to get into a company's network and steal data, a recent Verizon RISK and U.S. Secret Service Data Breach Investigations Report recommended that IT should constantly monitor server activity and red-flag any suspicious activity. The best method to vigilantly monitor devices and applications is to monitor their logs. Since the banking industry relies so heavily on technology to serve customers, monitoring log data (log management) for devices, servers, and applications is too important a task to be overlooked.

The causes of log management lapses. Despite log management being a great first line of defense against a data breach, log analysis is seldom performed adequately. To ensure adherence to laws and soften the ramifications of a breach, banking IT executives must first understand the human factors that inhibit this important task:
1. Most people dislike tedious work.
2. No time to ensure uptime; no time to prevent downtime.
3. NAH: Not Affected Here.

The real solution. Log data management is too important a task to be overlooked. A great way to counteract these three behavioral issues is to provide your IT staff with the right solution to their problem in order to resolve your problem.

With annual industry expenditures for technology topping an estimated $30 billion, the banking industry clearly relies on technology to better serve customers. This dependence has continued to grow since the Internet and e-commerce exploded in the 1990s. Exposure to computer system vulnerabilities has also grown at an alarming rate as attackers strive to identify and make the most of those vulnerabilities. Consequently, computers are attacked and compromised on a daily basis. A recent Verizon RISK and U.S. Secret Service Data Breach Investigations Report stated that servers and applications comprise 50% of all breached assets. These attacks steal personal identities, bring down entire networks, disable the online presence of businesses, or destroy sensitive information that is critical for personal or business purposes. One security survey noted that in 1997, 37% of respondents reported a breach. A 2009 report by the Ponemon Institute, a privacy management research firm, reported a figure of 85%.

Banks are especially susceptible. Over the past several years, Virginia's DHS system, TJX, Heartland Payment Systems, Google, and T-Mobile have been adversely affected by breaches. The Heartland Payment Systems breach had a ripple effect that exposed customer credit card details at over 675 regional banks. Interestingly, since the breach, six of those banks have, according to the FDIC, failed (1st Pacific Bank of California, Columbia River Bank, Prosperan Bank, Rainier Pacific Bank, Sun West Bank, and TierOne Bank).

Why Breaches Occur

In speaking with customers and reviewing existing research, a majority of breaches in banking occur for three reasons: the increase in outsourced data, hacking is a lucrative business, and employee retribution.

Outsourced data. Increasingly, cost-conscious companies in the banking industry are outsourcing work to achieve economies of scale. The unintended consequence, as stated by the 2010 Ponemon study, is that 42% of all breach cases involved third-party mistakes. Data breaches involving data outsourced to third parties, especially when the third party is offshore, are the most costly. The per capita cost for data breaches involving third parties is $217 versus $194, more than a $21 difference, according to Ponemon. The per capita cost of a data breach involving a negligent insider or a systems glitch averages $154 and $166, respectively.

Hacking is a lucrative business. In November 2008, the Atlanta-based U.S. payment processing division of the Royal Bank of Scotland, the RBS WorldPay network, was infiltrated by hackers. The hackers obtained unauthorized access and were then able to reverse-engineer personal identification numbers from a data feed and defeat the credit card processing system's encryption. In half a day, the hackers stole over $9 million. Hackers use multiple methods to obtain sensitive information, including stealing computers, combing through lost sensitive documents, brute-force attacks, and viruses. According to the Internet Security Threat Report published by Symantec in April 2009, attackers released Trojan horses, viruses, and worms at a record pace in 2008, primarily targeting computer users' confidential information, in particular their online banking account credentials. Symantec documented a record 1.6 million instances of malicious code on the Web in 2008, about one million more than. Twenty-four percent of all cases in Ponemon's 2010 study involved a malicious or criminal attack that resulted in the loss or theft of personal information. Moreover, the two types of data most often compromised are credit card information (54% of all breaches) and bank account information (32% of all breaches), according to the Verizon RISK and U.S. Secret Service Data Breach Investigations Report.

Employee retribution. In 2008, the Bank of New York breach made national headlines. In the second quarter of 2010, the New York County District Attorney's Office stated that a computer technician formerly employed as a contractor at the headquarters of the Bank of New York was to blame. Over an eight-year period, the culprit stole the personal identifying information of 2,000 bank employees and organized thefts of more than $1.1 million from various organizations, including charities and nonprofit organizations. The Identity Theft Resource Center, a San Diego-based nonprofit, found that of the roughly 250 data breaches publicly reported in the United States between January 1 and June 12, 2008, victims blamed the largest share of incidents on theft by employees (18.4%). This year, according to the 2010 Data Breach Investigations Report by Verizon RISK and the U.S. Secret Service, 48% of data breaches across all industries were caused by insiders.

Why Should I Care?

In recent years, banks have paid increasing attention to IT security. This is understandable given the sheer amount of information now in digital form. A recent InformationWeek Analytics survey revealed that 75% of its executive-level respondents (across all industries) stated that information security is among their highest priorities. Some of the reasons: a breach costs a lot to fix, dilutes the strength of a brand, places intellectual property at risk, and has prompted widespread regulation, mandates, and control standards.

It costs a lot to fix. Executives are focused on information security because of the liability costs that accompany the ever-increasing volume of corporate and personal information theft. In certain cases, these events result in costly lawsuits, with much of the fees paid to litigation service firms to sift through inaccessible, unorganized volumes of data. According to the American Bankers Association, some of the biggest costs associated with a breach are those from reissuing credit and debit cards, covering fraudulent charges from stolen card numbers, and closing accounts placed at risk. In other cases, companies incur the expense of setting up credit monitoring services for customers affected by the breach. According to the latest Ponemon Institute study, the cost per compromised customer record is $204 and the average total cost of a data breach is $6.75 million, which is up by 44% since. The Internet Crime Complaint Center, a partnership of the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, reported that the number of complaints from victims of cyber crime rose by almost a third since. The total reached 275,284 complaints, amounting to $265 million in money lost. Research shows that data breaches involving malicious or criminal acts are much more expensive than incidents resulting from negligence or a systems glitch ($154 and $166 per record, respectively). The per capita cost of a data breach involving a malicious or criminal act averages $215. Where a bank issued the cards affected by a breach, these costs can mount quickly, and the bank ends up bearing all of the costs itself.

Brand blemish. Next, executives are focused on information security in order to preserve brand value. For years, BusinessWeek/Interbrand has published its yearly findings on the top 100 brands. Because stability is one of the factors in determining a brand's value, one can assume that a customer will doubt the stability of a brand that cannot protect their information. John Watkins, the former SVP of online services at Wachovia (now Wells Fargo), echoes this sentiment: "Data breaches and any type of security concern in the online space affect customer confidence. We're concerned that customers will lose confidence if we can't provide them with a good feeling that they are safe online. It's about trust." Building trust is especially needed in the already negative-publicity-prone banking industry. For the second year in a row, banks experienced a significant increase in complaints, coinciding with 140 bank failures in 2009, said the Better Business Bureau (BBB). Trust in the financial sector is already extremely low, and the dramatic increase in BBB complaints against banks reflects the growing discord between consumers and the industry. As a result, the banking industry has been through what marketing experts call brand image turmoil in the aftermath of the financial meltdown.

Because the banking industry understands that consumer perceptions of trust are important, this year banks have increased their advertising budgets to offset the negative publicity and to rebuild consumer trust. One example is Citizens Bank's latest campaign, "Good Banking is Good Citizenship." Warren Zafrin, a partner with KPMG, sums it up best: "Over time, security will be a differentiator for banks. It's about trust. Security really goes beyond preventing data breaches to enhancing relationships."

Intellectual property. Because superior intellectual property leads to service differentiation, executives view it as a key asset that, in the midst of hard economic times, ensures revenue, market share, and long-term profitable growth. An intellectual property breach can include unauthorized access, copying, disclosure, or use of client information, trade secrets, copyrighted materials, ongoing research, strategy, M&A plans, and other such information. Bradford Newman, the leader of the International Employee Mobility and Trade Secrets practice at the law firm Paul Hastings Janofsky & Walker LLP, states: "Most banks do have good data security practices. But to recover that data from the thousands of employees across the globe is a new risk. Companies first have to ask themselves what their trade secrets are, where the most at-risk secrets lie, and, in connection with the recent layoffs, how they can reduce the risk of disclosure and maximize the chance of recovering the data." As such, protecting intellectual property is essential for any organization.

Regulations/laws. The current system for regulating and supervising financial institutions is complex. According to the FDIC, this complicated regulatory structure came about because financial regulation has been responsive to several traditional themes in U.S. history. Among them are a distrust of concentrations of financial power, including a concentration of regulatory power; a preference for market competition; and a belief that certain sectors of the economy should be ensured access to credit, a belief that has led to a multiplicity of niche providers of credit. The nation's complex regulatory structure was designed to deal with all of these sometimes conflicting objectives. Although many of the newer laws have focused on consumer protection, a number of others have addressed issues of regulation and supervision related to concerns about safety and soundness. As such, banks in the United States are obligated by the following laws to reduce operational risk (the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events) by monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems:

1. Section 216 of the Fair and Accurate Credit Transactions Act (2003) (FACT Act) requires the identification, detection, and response to patterns, practices, or specific activities, known as "red flags," that could indicate identity theft. Within banks, this requirement can only be sufficiently met through monitoring.
2. Section 501(b) of the Gramm-Leach-Bliley Act (1999) states that a bank should manage and control risk by monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems, both internally and with service providers, and is the all-encompassing successor to the following:
   a. Section 39 of the Federal Deposit Insurance Act
   b. Code of Federal Regulations, Title 12 (Banks and Banking), Part 30, Appendix B
   c. Code of Federal Regulations, Title 12 (Banks and Banking), Part 208, Appendix D-2
   d. Code of Federal Regulations, Title 12 (Banks and Banking), Part 225, Subpart J, Appendix F
   e. Code of Federal Regulations, Title 12 (Banks and Banking), Part 263, Subpart I, Appendix D-1
   f. Code of Federal Regulations, Title 12 (Banks and Banking), Part 364, Appendix B
   g. Code of Federal Regulations, Title 12 (Banks and Banking), Part 570, Appendix
   h. Code of Federal Regulations, Title 12 (Banks and Banking)
3. USA PATRIOT Act (2001). Although this Act does not directly ask an organization to monitor, it increases the ability of law enforcement agencies to search telephone, communications, medical, financial, and other records. As a result, log management is necessary for compliance.
4. Sarbanes-Oxley Act (2002). The formal name of this act is the Public Company Accounting Reform and Investor Protection Act of 2002. This act requires the boards, accounting firms, and management of publicly traded firms to adhere to a higher set of financial recording and reporting standards. The reporting requirements can only be sufficiently met through monitoring.
5. California Senate Bill 1386. California Senate Bill 1386 was introduced in July. The bill was the first attempt by a state legislature to address the problem of identity theft by introducing stiff disclosure requirements for businesses and government agencies that experience security breaches that might involve the personal information of California residents. Implied in the bill is that, in order to be able to assess compliance, an organization should monitor its devices and applications regularly to adhere to the following: "Notice must be given to any resident of California whose PI is or is reasonably believed to have been acquired by an unauthorized person." Notice must be given in the "most expedient time possible" and "without unreasonable delay," subject to certain provisions that define what reasonable is for your organization.

Mandates. Mandates by the Basel Committee on Banking Supervision (Basel II) and the Payment Card Industry Data Security Standard (PCI DSS) all seek to manage risk.

Basel II. Basel II improved on Basel I, first enacted in the 1980s, by offering more complex models for calculating regulatory capital in order to make risky investments, such as the subprime mortgage market, in which higher-risk assets are moved to unregulated parts of holding companies. In addition to safeguarding bank solvency while protecting the international financial system, Basel II also strives to reduce operational risk. However, the Basel Committee on Banking Supervision recognizes that operational risk is a term that has a variety of meanings; therefore, for internal purposes, banks are permitted to adopt their own definitions of operational risk, provided the minimum elements in the Committee's definition are included. Through compliance, banks are assured that they hold sufficient capital reserves for the risk they expose the bank to through their lending and investment practices.

PCI DSS. The Payment Card Industry Data Security Standard (PCI DSS) requires that adequate activity logs are produced, that access to logs is restricted, and that logs are reviewed daily, all of which are encompassed in the following requirements:
10.5 Secure audit trails so they cannot be altered. Access to audit trails must be limited to read access. If audit trails can be altered outside of the application, monitoring controls should be implemented via file-integrity monitoring tools as required in the DSS. Alteration of audit trails should be investigated for propriety.
10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions such as IDS and VPN.

The American Bankers Association (ABA). The ABA is the largest banking trade association, representing all categories of banking institutions, including community, regional, and money center banks. Although it does not issue mandates, the ABA supports data security legislation and regulatory policy that creates a uniform standard for data security across all types of businesses.

Standards/controls. Standards like the Control Objectives for IT (COBIT), the ISO standard for security management, and the NIST standards all seek to manage risk.

COBIT. The Control Objectives for Information and related Technology (COBIT) is based on a plan-build-run-monitor framework and is a comprehensive set of IT management best practices managed by the IT Governance Institute (ITGI). The best practices are divided into four domains (Plan, Build, Run, and Monitor) and 34 high-level processes. It relies on understanding the inter-relationships between technologies across the enterprise and on a real-time understanding of risks, impacts, and operational variables. Its goal is to instill vigilance through monitoring.

ISO 27001/2. ISO 27001/2 is based on a plan-do-check-act framework and is derived from ISO 17799. ISO 27001 and 27002 (together known as ISO 27001/2) were renumbered in 2007 to conform to the ISO family numbering scheme. ISO 27001/2 is a widely accepted international standard for information security that was established by the International Standards Organization; it offers a broad set of best practices for information security controls across organizations of any type and assists all organizations (commercial, governmental, or nonprofit) in the process of managing information security. ISO 27001/2 is a standard that offers oversight over individual security controls. These controls call for the monitoring and analysis of data generated by all systems, including IT infrastructure, network appliances, and security solutions throughout the enterprise. The framework comprises twelve security clauses that include 39 security categories with hundreds of control objectives overall. Its goal is to mitigate risk through active vigilance.

Mortgage Bankers Association (MBA). The MBA is a national association that represents the real estate finance industry and includes more than 3,000 mortgage companies, mortgage brokers, commercial banks, thrifts, life insurance companies, and others in the mortgage lending field. Its Board of Directors Technology Steering Committee (BoDTech) released a comprehensive approach to information assurance, which analyzes three critical areas of information assurance: legislative and regulatory, audit practices, and security standards and framework. The model was created specifically so that mortgage firms could establish a comprehensive set of processes that would cover the requirements of the many compliance programs. The goal of the model is to provide a way for the mortgage industry to assure that information, data, applications, and processes are in place to protect a firm, its operations, and its customers. The policy and architecture step takes a deeper dive into a firm's operating environment. It addresses audit practices, including monitoring of devices and applications.

NIST standards. The National Institute of Standards and Technology is a U.S. federal technology agency that develops and promotes measurement, standards, and technology, and it relies on a functional-area framework of management, operational, and technical safeguards. Most banks have adopted this control framework. The specific log management control outlined in the NIST standards rests within the AU-6 Audit Monitoring, Analysis, and Reporting control. In a nutshell, the control states that an organization should report indications of inappropriate or unusual activity to an organizational official and be aware of changes in risk to organizational operations.

The control enhancements category serves to distill the broad goals set forth by AU-6; NIST recommends:
1. An organization's information system must first integrate audit review, analysis, and reporting processes to support organizational processes for investigation of and response to suspicious activities.
2. An organization's auditable data needs to be integrated, centralized, and robust, and the organization must be able to thoroughly analyze data from multiple devices.
3. An organization should correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.

Statement on Auditing Standards No. 70 (SAS 70). SAS 70 was developed by the American Institute of Certified Public Accountants to provide guidance to organizations that provide third-party services, and it defines the standards an auditor must employ in order to assess their internal controls. It is an internationally recognized standard that reviews all levels of technology service providers over a six-month period for business practices, communication, internal procedures, and security. The SAS 70 report guidance articulates the requirements for assessing four items: the fair presentation of management's description of controls, the suitability of the design of management's controls, whether the controls are in place as of a specified date, and whether the controls operated with sufficient effectiveness to determine that management's control objectives were achieved. This standard applies to banks (usually publicly traded) that rely on hosted data centers and third-party processors to provide outsourcing services that affect the operation of the bank.

The Solution?

Attenuate breach impacts. A recent Verizon RISK and U.S. Secret Service Data Breach Investigations Report recommended that IT staff constantly monitor server activity and red-flag any suspicious activity, because it typically takes criminals days to get into a company's network and steal data. The best method to vigilantly monitor each device and application is to monitor their logs. Therefore, monitoring log data (log management) for devices, servers, and applications is too important a task to be overlooked, because it acts as a great first line of defense against a data breach.

The Problem with the Solution

Why IT puts us at risk. At one of our recent customer visits, an IT executive was sharing his ongoing frustration with log management and analysis. To complicate matters, he stated that the laws, regulations, and mandates on companies of all sizes have made analyzing logs a necessity. He shared that although his company had both the human and technology assets to perform the analysis, his team could not do so in a repetitive and timely manner because of the difficulty of the task. Despite his frustration, we probed further to find out what drives this complexity. We were surprised to learn that three factors influence why log management and analysis is not performed: it is tedious, time consuming, and too abstract to tend to.

No one likes tedious work. Most IT personnel are generally characterized as task-oriented rather than people-oriented. Even so, they do not like to perform brainless tasks. Log management falls into that category, as an IT person would have to pore through reams of data and somehow correlate and weight each security risk, which is a truly tedious task.

No time to ensure uptime; no time to prevent downtime. On any given day, IT staff are performing multiple tasks that stretch their skills to the limit. Already overworked, one IT administrator stated that he is responsible for maintaining a service level of 98% for his 900 users and for maintaining and reviewing log data, but he is only rated on his service level performance. Consequently, he seldom manages and reviews his logs and hopes that an incident will not bring down his system.

NAH. We've all heard the phrase "NIH," not invented here. However, with IT staff, we constantly witness a belief system of "NAH," not affected here. Because of the limited time and multiple demands placed on IT staff, many are forced to hope and believe for the best. One IT analyst confided to us that he hoped never to have a breach, since a breach would cost about $25,000 an hour in lost productivity and on-time delivery performance.

The real solution. Log data management is too important a task to be overlooked. In order to ensure adherence to laws and limit potential costs, IT executives must first understand, address, and resolve the human factors that inhibit this important task. A great way to counteract these three behavioral issues is to provide your IT staff with the right solution to their problem in order to resolve your problem.
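As an added example that is not part of the white paper, the Python script below shows what the "right solution" looks like when the tedious parts of the PCI DSS 10.5/10.6 and NIST AU-6 requirements discussed above are automated: it checks the audit trail against a stored digest before reading it, reviews one day of records from a server, a VPN gateway, and an IDS, and correlates a remote login with physical badge records. All hosts, user names, log lines, and the three-failure threshold are constructed assumptions.

```python
"""Added example (not from the white paper): an automated daily log review covering
PCI DSS 10.5 (audit-trail integrity), 10.6 (daily review including IDS/VPN) and NIST
AU-6 (correlation with physical access). Every log line, host and user is constructed."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit trail: one day of syslog-style lines from three components.
SAMPLE_AUDIT_TRAIL = """\
2010-06-14T08:01:12 srv-core sshd: Failed password for jdoe from 10.0.5.21
2010-06-14T08:01:15 srv-core sshd: Failed password for jdoe from 10.0.5.21
2010-06-14T08:01:18 srv-core sshd: Failed password for jdoe from 10.0.5.21
2010-06-14T08:01:21 srv-core sshd: Accepted password for jdoe from 10.0.5.21
2010-06-14T09:15:00 vpn-gw vpn: user asmith logged in from 203.0.113.9
2010-06-14T11:42:07 ids-1 snort: ALERT SQL injection attempt from 198.51.100.7
2010-06-14T12:00:00 srv-core sshd: Accepted password for mlee from 10.0.5.30
"""
# Constructed physical-access records (badge readers at the building entrance).
SAMPLE_BADGE_LOG = """\
2010-06-14T07:55:00 badge: asmith entered HQ-lobby
2010-06-14T08:30:00 badge: mlee entered HQ-lobby
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")
FAILED_LOGIN_THRESHOLD = 3                  # hypothetical tuning values
FAILED_LOGIN_WINDOW = timedelta(minutes=5)


def parse_trail(text):
    """Turn the raw trail into dicts (ts, host, program, msg); unparsable lines are skipped."""
    records = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        ts, host, program, msg = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "host": host, "program": program, "msg": msg})
    return records


def audit_trail_digest(text):
    """SHA-256 of the trail; store it out-of-band (or in a FIM tool) per PCI DSS 10.5."""
    return hashlib.sha256(text.encode()).hexdigest()


def verify_integrity(text, expected_digest):
    """True if today's trail still matches the digest recorded after the previous review."""
    return audit_trail_digest(text) == expected_digest


def brute_force_flags(records):
    """Flag a success preceded by >= THRESHOLD failures within WINDOW (password guessing)."""
    flags, failures = [], defaultdict(list)
    for r in records:
        failed = re.match(r"Failed password for (\S+)", r["msg"])
        if failed:
            failures[failed.group(1)].append(r["ts"])
            continue
        ok = re.match(r"Accepted password for (\S+)", r["msg"])
        if ok:
            user = ok.group(1)
            recent = [t for t in failures[user] if r["ts"] - t <= FAILED_LOGIN_WINDOW]
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                flags.append(f"{user}: {len(recent)} failed logins then success at {r['ts']}")
            failures[user].clear()
    return flags


def ids_alert_flags(records):
    """PCI DSS 10.6: the daily review must cover security components such as the IDS."""
    return [f"IDS {r['host']}: {r['msg']}" for r in records if r["msg"].startswith("ALERT")]


def parse_badge_log(text):
    """{user: [entry timestamps]} from the constructed badge records."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r"^(\S+) badge: (\S+) entered", line)
        if m:
            entries[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    return entries


def physical_correlation_flags(records, badge_entries):
    """AU-6 enhancement: a remote VPN login by a user already badged into the building."""
    flags = []
    for r in records:
        m = re.match(r"user (\S+) logged in from (\S+)", r["msg"])
        if not m or r["program"] != "vpn":
            continue
        user, src = m.groups()
        inside = [t for t in badge_entries.get(user, []) if t <= r["ts"]]
        if inside:
            flags.append(f"{user}: VPN login from {src} at {r['ts']} "
                         f"but badged into HQ at {inside[-1]}")
    return flags


def daily_review(trail_text, badge_text, expected_digest):
    """Run every check; returns a report dict so the result can be tested, not just printed."""
    report = {"integrity_ok": verify_integrity(trail_text, expected_digest), "flags": []}
    if not report["integrity_ok"]:
        report["flags"].append("audit trail digest mismatch: trail may have been altered")
    records = parse_trail(trail_text)
    report["flags"] += brute_force_flags(records)
    report["flags"] += ids_alert_flags(records)
    report["flags"] += physical_correlation_flags(records, parse_badge_log(badge_text))
    return report
```

Calling `daily_review(SAMPLE_AUDIT_TRAIL, SAMPLE_BADGE_LOG, audit_trail_digest(SAMPLE_AUDIT_TRAIL))` on the constructed data yields three red flags (the password-guessing burst, the IDS alert, and the contradictory VPN login); a trail that no longer matches its stored digest adds a fourth flag ahead of the others.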


More information

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue. Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues

More information

AlienVault for Regulatory Compliance

AlienVault for Regulatory Compliance AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Reduce Your Breach Risk: File Integrity Monitoring for PCI Compliance and Data Security

Reduce Your Breach Risk: File Integrity Monitoring for PCI Compliance and Data Security Reduce Your Breach Risk: File Integrity Monitoring for PCI Compliance and Data Security A key capability of any information security program is the ability to rapidly detect and help correct data breaches.

More information

Impact of Data Breaches

Impact of Data Breaches Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:

More information

cyber invasions cyber risk insurance AFP Exchange

cyber invasions cyber risk insurance AFP Exchange Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance

More information

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes

More information

WHITE PAPER. Preventing Wireless Data Breaches in Retail

WHITE PAPER. Preventing Wireless Data Breaches in Retail WHITE PAPER Preventing Wireless Data Breaches in Retail Preventing Wireless Data Breaches in Retail The introduction of wireless technologies in retail has created a new avenue for data breaches, circumventing

More information

Self-Service SOX Auditing With S3 Control

Self-Service SOX Auditing With S3 Control Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9

More information

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

Data Protection. Understanding the Effectiveness of a Data Protection Program. IIA: Almost Free Seminar. 21 June 2011

Data Protection. Understanding the Effectiveness of a Data Protection Program. IIA: Almost Free Seminar. 21 June 2011 Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness

More information

May 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association

May 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association Statement for the Record On behalf of the American Bankers Association Consumer Bankers Association Credit Union National Association Independent Community Bankers of America National Association of Federal

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

Securing OS Legacy Systems Alexander Rau

Securing OS Legacy Systems Alexander Rau Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

Applying LT Auditor+ to Address Regulatory Compliance Issues

Applying LT Auditor+ to Address Regulatory Compliance Issues Applying LT Auditor+ to Address Regulatory Compliance Issues An Executive White Paper By BLUE LANCE, Inc. BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com In today s business environments,

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

Managing data security and privacy risk of third-party vendors

Managing data security and privacy risk of third-party vendors Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected

More information

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes

More information

Design of Database Security Policy In Enterprise Systems

Design of Database Security Policy In Enterprise Systems Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520 AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies

More information

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016 The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,

More information

AN INFORMATION GOVERNANCE BEST

AN INFORMATION GOVERNANCE BEST SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Case 2:13-cv-01887-ES-JAD Document 282-1 Filed 12/09/15 Page 1 of 18 PageID: 4861 THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY

Case 2:13-cv-01887-ES-JAD Document 282-1 Filed 12/09/15 Page 1 of 18 PageID: 4861 THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY Case 2:13-cv-01887-ES-JAD Document 282-1 Filed 12/09/15 Page 1 of 18 PageID: 4861 THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY Federal Trade Commission, Plaintiff, v. Wyndham Worldwide

More information

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...

More information

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI Solution for Retail: Addressing Compliance and Security Best Practices PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment

More information

White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL Before the Subcommittee on Financial Institutions and Consumer

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Anatomy of a Hotel Breach

Anatomy of a Hotel Breach Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent

More information

Real-Time Security for Active Directory

Real-Time Security for Active Directory Real-Time Security for Active Directory Contents The Need to Monitor and Control Change... 3 Reducing Risk and Standardizing Controls... 3 Integrating Change Monitoring... 4 Policy Compliance... 4 The

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Cyber/ Network Security. FINEX Global

Cyber/ Network Security. FINEX Global Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Compliance and Industry Regulations

Compliance and Industry Regulations Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Cybernetic Global Intelligence. Service Information Package

Cybernetic Global Intelligence. Service Information Package Cybernetic Global Intelligence Service Information Package / 2015 Content Who we are Our mission Message from the CEO Our services 01 02 02 03 Managed Security Services Penetration Testing Security Audit

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc.

Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc. Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc. Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Committee on

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

Securing Critical Information Assets: A Business Case for Managed Security Services

Securing Critical Information Assets: A Business Case for Managed Security Services White Paper Securing Critical Information Assets: A Business Case for Managed Security Services Business solutions through information technology Entire contents 2004 by CGI Group Inc. All rights reserved.

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

Cyber Risks in Italian market

Cyber Risks in Italian market Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends

More information

Achieving Regulatory Compliance through Security Information Management

Achieving Regulatory Compliance through Security Information Management www.netforensics.com NETFORENSICS WHITE PAPER Achieving Regulatory Compliance through Security Information Management Contents Executive Summary The Compliance Challenge Common Requirements of Regulations

More information

www.bonddickinson.com Cyber Risks October 2014 2

www.bonddickinson.com Cyber Risks October 2014 2 www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Credit Union Liability with Third-Party Processors

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Mortgage Fraud at Financial Institutions: Prevention and Response. By: Travis P. Nelson 1

Mortgage Fraud at Financial Institutions: Prevention and Response. By: Travis P. Nelson 1 Mortgage Fraud at Financial Institutions: Prevention and Response By: Travis P. Nelson 1 Over the last year law enforcement and regulatory agencies have been inundated with reports of mortgage fraud, occurring

More information

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by:

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe June, 2011 Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe An Advisen Special Report Sponsored by Chartis Security

More information

Auditing Security: Lessons Learned From Healthcare Security Breaches

Auditing Security: Lessons Learned From Healthcare Security Breaches Auditing Security: Lessons Learned From Healthcare Security Breaches Adam H. Greene, J.D., M.P.H. Davis Wright Tremaine LLP Washington, D.C. Michael Mac McMillan CynergisTek, Inc. Austin, Texas DISCLAIMER:

More information

Questions and Answers About the Identity Theft Red Flag Requirements

Questions and Answers About the Identity Theft Red Flag Requirements Questions and Answers About the Identity Theft Red Flag Requirements 1. Who is covered by the new Identity Theft Regulations? The Identity Theft Regulations consist of three different sets of requirements,

More information

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management Log Management How to Develop the Right Strategy for Business and Compliance An Allstream / Dell SecureWorks White Paper 1 Table of contents Executive Summary 1 Current State of Log Monitoring 2 Five Steps

More information

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

White Paper Achieving SOX Compliance through Security Information Management. White Paper / SOX

White Paper Achieving SOX Compliance through Security Information Management. White Paper / SOX White Paper Achieving SOX Compliance through Security Information Management White Paper / SOX Contents Executive Summary... 1 Introduction: Brief Overview of SOX... 1 The SOX Challenge: Improving the

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information