Seamus Reilly Director EY Information Security Cyber Security


1 Seamus Reilly, Director, EY Information Security. Cyber Security: An Internal Audit perspective on the threats and responses within the Retail Sector. 15th May 2014

2 Agenda: Introductions; Cyber Security; What is Cybercrime and Cyber Security?; What are the threats?; Organisational challenges; Key considerations for prevention and response; The role of internal audit in helping to protect the organisation; Group discussion

3 The question is when, not if, a Cyber Security breach will happen, and therefore ensuring a business is prepared in its response planning is key. Cyber Security threats now mean a business has to sprint to stand still in managing the cyber threat. © 2013 EYGM Limited. All Rights Reserved.

4 Cyber Security: Cyber crime spectrum. What do the terms Cybercrime and Cyber Security mean to your business?

5 Cyber Security is now a boardroom agenda but is there enough training & knowledge? A Serious Issue: 64% of Chairs think that their Board colleagues take cyber risk VERY seriously. Changing Ownership & Accountability: When asked who is the ultimate owner of Cyber risk for their company, Audit Committee Chairs responded with a variety of roles, but with a trend towards the Board, where 2 years ago 75% of companies viewed this wholly as a CIO responsibility. Now a Business Risk: 56% of respondents said that their strategic risk register includes a cyber risk category. [Chart labels: 20%, 28%, 25%; CEO, CFO, CIO] Cyber Savvy Boards: Most Chairs think that their Board colleagues are qualified, to some extent, to manage innovation and risk in a digital age but more Cyber Training is required. 75% of respondents had not undertaken any cyber or information security training in the past 12 months and 80% of respondents said none of their Board colleagues had undertaken any either.

6 Businesses lack knowledge of data asset value, but understand the need to find out more! Know your Data Assets: Only a third of Chairs said the main Board has a very clear understanding of what the company's key information and data assets are; two thirds need to understand more. Who has your key data assets? 25% of respondents said the main Board has a poor understanding of where the company's key information or data assets are shared with 3rd parties (e.g. suppliers, advisors, customers & outsourcing partners). Understand the Threat: 40% of Chairs said the main Board does not receive regular threat intelligence from their CIO or CISO. [Chart legend: Poor, Very Clear, Basic, Don't Know/N/A] The impact of a Cyber Attack: Less than 50% of FTSE 350 Chairs think that their Board has a clear understanding of the potential impact of information and data asset losses. Information Sharing on Threats: Nearly half of respondents said their CIO and CISO teams are encouraged to share information with other companies in order to combat cyber threats. [Graphic labels: Share price, Financial performance, Operational performance, Customer loyalty, Competitive advantage]

7 The reality for business today: Perfect storm of factors at play. Breaches are occurring and will continue to do so; Increased erosion of perimeter from third parties, social media and personal devices; Extended supply chain includes smaller businesses with fewer resources; Rising persistence and sophistication of external threats; Growing regulatory and government focus.

8 Improve: Awareness of cyber threats propels improvement. Knowing that an attack will inevitably occur sparks improvements.

9 Expand: Leading practices to combat cyber threats. Organisations must send clear signals from the top that they need to be proactive and ready for the unknown. Those that are satisfied with merely being reactive may not survive the next attack. Source: EY's Global Information Security Survey

10 Innovate: To survive, innovation in response must power cyber transformation. Innovative Cyber security solutions can protect organisations against known cyber risks and prepare them for a great unknown: the future.

11 Establish a cyber resilience framework: Vision of organisational resilience that can be established to deal with cyber threats. Builds on current information security arrangements. Four components (labelled A to D on the slide): Cyber situational awareness: The organisation should have a process for gathering, analysing and sharing of cyber intelligence. Cyber governance and partnering: The organisation should have an effective governance framework for monitoring cyber activities, including partnering collaboration, and the risks and obligations in cyberspace. Cyber resilience assessment: The wider organisation should have a process for reassessing and adjusting their cyber resilience to the impacts of the past, present and future cyberspace activity. Cyber responses: The organisation should effectively prevent, detect and respond to cyber incidents and minimise their impacts.

12 The role of internal audit functions within Cyber Security

13 Combating cyber attacks requires leadership and accountability. The rapid-fire pace of technology (r)evolution that we have seen in recent years will only accelerate in the years to come, as will the cyber risks. Not considering them until they arise gives cyber attackers the advantage. In fact, chances are, they're already in!

14 Establish a cyber resilience group to enable efficient response. Cyber Champion. Strategic leadership at C-Suite level representation with access to senior management, and therefore resources and funds. Day-to-day leadership possessing strategic business and communications skills. [Organisation chart labels: Risk Managers Cyber Resilience Leader (CIO) Cyber Security Leader (CISO) Business Relationships Business Continuity Forensics Incident Management Legal Intelligence Technical Partners Human Capital Marketing Public relations Corporate Affairs] In-depth advice and guidance on cyber security, with extensive experience across breadth of organisation. Collaboration between all business functions with Cyber Champions appointed to ensure business relationship management between IT and the business is effective, proactive and aligned to organisational strategy. The LOB representatives should have access to other parts of the organisation and be well versed in organisational culture. [Organisation chart labels: IT LOBs running cyberspace initiatives; IT Operations & IT Security Functions] In-depth advice and guidance on IT systems operations and IT security, with experience across the IT organisation.

15 Key considerations for Internal Audit. What should you be doing? How do you identify Cyber risks and attacks on your organisation? Has your business defined its Cyber Risk Universe? When did you last undertake an independent review of Cyber Security? What should your organisation's response be, and Internal Audit's role? Awareness? How seriously does your organisation take Cyber Security? What is the business doing to raise user awareness of Cyber risks? Who is driving the awareness agenda and is the business supportive? Planning? When did the business last undertake a Cyber Crisis Management exercise? How frequently does your business review its risks, policies and controls management? Can we prevent Cybercrime?

16 Questions for your organisation's CEO, CFO, CIO/CTO and CRO: Do you know what business information you need to protect and where it is, and do you trust your business partners with it? Is the information security function meeting your current and future business needs? How do you include information security in major business changes such as new channels to market, e.g., social media? Who is responsible for securing your critical business information? How often do you discuss information security risk at the Board and Audit Committee? How confident are you that your information and systems are protected from catastrophic loss? How do you assess investment priorities and effectiveness of spend for information security? Are you getting value for your information security spend? Do you know how much information security breaches and other data losses cost your organisation? Do you understand new and increasing information security risks? Do you know what business information you need to protect and where it is? Are you confident you have sufficient cyber insurance? How is information security addressed in business and IT plans, e.g., strategy, sourcing, new delivery models, third parties? How are the increasing risks from internal and external sources impacting your IT plans and activities? How effectively is information security built into design and requirements of new systems? Does IT have visibility of, and involvement in, information security issues and priorities? Do you know what business information you need to protect and where it is? How well is information security and risk integrated with your other risk activities? How often do you discuss information security risk at the Board and Audit Committee? How confident are you about third party related risks? What are the top information security risks and how are they being addressed? How do you identify and manage new and emerging information security risks? Do you know what business information you need to protect and where it is? Are you prepared for a security crisis?

17 Thank you


More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance: Business Committee Policy Owner: Chief Superintendent, Corporate Services Department: Corporate Services Policy Number: 002 Version: 3.0 Policy Writer: Business Continuity Co-ordinator Effective

More information

Chief Information Officer

Chief Information Officer Security manager Job description Job title Security manager Location Wellington Group Organisation Development Business unit / team IT Solutions Grade and salary range Pay Group 1, Pay Band 6 Reports to

More information

International Chamber of Commerce The world business organization

International Chamber of Commerce The world business organization International Chamber of Commerce The world business organization ICC Cyber Security Guide for Business World Bank Seminar on Cyber Preparedness Vienna. 18 19 May 2015 Gerard Hartsink Chair ICC Task Force

More information

CLICK TO OPEN FOOD AUTHENTICITY FIVE STEPS TO HELP PROTECT YOUR BUSINESS FROM FOOD FRAUD

CLICK TO OPEN FOOD AUTHENTICITY FIVE STEPS TO HELP PROTECT YOUR BUSINESS FROM FOOD FRAUD CLICK TO OPEN FOOD AUTHENTICITY FIVE STEPS TO HELP PROTECT YOUR BUSINESS FROM FOOD FRAUD Click on tabs below FOOD AUTHENTICITY FIVE STEPS TO HELP PROTECT YOUR BUSINESS FROM FOOD FRAUD Food and drink manufacturers

More information

The Evolution of Application Monitoring

The Evolution of Application Monitoring The Evolution of Application Monitoring Narayan Makaram, CISSP, Director, Solutions Marketing, HP Enterprise Security Business Unit, May 18 th, 2012 Rise of the cyber threat Enterprises and Governments

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Data Security: Fight Insider Threats & Protect Your Sensitive Data Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Bridging the Security Governance Divide in Utilities

Bridging the Security Governance Divide in Utilities Bridging the Security Governance Divide in Utilities About Me Energy Security Advisor to utilities, regulators, integrators, energy start-ups Member: GTM GridEdge Exec Council ISC-ISAC Corporate Board

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

Global Information Security Survey 2002

Global Information Security Survey 2002 M ARCH 2002 Global Information Security Survey 2002!@# Issues at a glance Only 40% of organisations are confident they would detect a systems attack 40% of organisations do not investigate information

More information

THE STATE OF HEALTH CARE AND ADULT SOCIAL CARE IN ENGLAND 2014/15

THE STATE OF HEALTH CARE AND ADULT SOCIAL CARE IN ENGLAND 2014/15 15 October 2015 THE STATE OF HEALTH CARE AND ADULT SOCIAL CARE IN ENGLAND 2014/15 This briefing summarises today s publication of the Care Quality Commission s annual State of Health and Adult Social Care

More information

Corporate Health and Safety Policy

Corporate Health and Safety Policy Corporate Health and Safety Policy November 2013 Ref: HSP/V01/13 EALING COUNCIL Table of Contents PART 1: POLICY STATEMENT... 3 PART 2: ORGANISATION... 4 2.1 THE COUNCIL:... 4 2.2 ALLOCATION OF RESPONSIBILITY...

More information

Defending yesterday. Technology. Key findings from The Global State of Information Security Survey 2014

Defending yesterday. Technology. Key findings from The Global State of Information Security Survey 2014 www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Accenture Risk Management. Industry Report. Life Sciences

Accenture Risk Management. Industry Report. Life Sciences Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

Railway Management Maturity Model (RM 3 )

Railway Management Maturity Model (RM 3 ) Railway Management Maturity Model (RM 3 ) (Version 1.02) March 2011 Published by the Office of Rail Regulation 1 Contents Introduction... 1 Excellence in safety management systems... 3 Governance, policy

More information

New Zealand Cyber Security Summit 2016 Report

New Zealand Cyber Security Summit 2016 Report New Zealand Cyber Security Summit 2016 Report KEEPING NEW ZEALAND S ECONOMY CYBER SECURE On 5 May 2016, 300 chief executives, board chairs, directors and senior business leaders took part in New Zealand

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

Cybersecurity and the Internet of Things. June 2015

Cybersecurity and the Internet of Things. June 2015 Cybersecurity and the Internet of Things June 2015 What is the Internet of Things? Agenda What is the Internet of Things?..2 The many and various benefits of IoT...7 The rise of the cyber threat..13 The

More information

Achieving Cyber Resilience. By Garin Pace, Anthony Shapella and Greg Vernaci

Achieving Cyber Resilience. By Garin Pace, Anthony Shapella and Greg Vernaci Achieving Cyber Resilience By Garin Pace, Anthony Shapella and Greg Vernaci Cyber security has become the single most important risk to company Boards of Directors around the world. This is not a surprise

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

PROJECT MANAGEMENT SURVEY

PROJECT MANAGEMENT SURVEY INDUSTRY TRENDS PROJECT MANAGEMENT SURVEY JANUARY 2015 Introduction 2015 will continue to see organisations across all sectors facing one of the most competitive, challenging and changing corporate environments

More information

Dashboards as an Effective Tool for HIPAA Security and Privacy Compliance

Dashboards as an Effective Tool for HIPAA Security and Privacy Compliance Dashboards as an Effective Tool for HIPAA Security and Privacy Compliance Bikram Bakshi President & CEO 1 Objectives The problem Key causes for data breaches Comparing these causes with CMS findings on

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Information Security in a Downturn

Information Security in a Downturn Information Security in a Downturn Prof. Howard A. Schmidt, CISSP, CSSLP President and CEO Information Security Forum Ltd. Vice-Chair and Security Strategist (ISC)2 Board of Directors Agenda 1. The Information

More information

Odgers Berndtson Board Survey. Among CEOs in Denmark s largest corporations

Odgers Berndtson Board Survey. Among CEOs in Denmark s largest corporations Boards and CEOs preparing for growth Almost half of the CEOs in Denmark s largest corporations consider the financial crisis to be over and expect positive growth in the near future. This calls for preparation

More information