POINT OF VIEW: CYBERSECURITY IN FINANCIAL SERVICES


Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response strategies such as compliance driven controls and siloed solutions. This approach has resulted in cyber attacks becoming more frequent and widespread. The likelihood and potential impact of such attacks have subsequently made cybercrime a business risk on most executive boards' agendas, with a clear mandate to manage it across all levels of the organisation. This paper discusses the top challenges faced by financial services institutions and presents CSC's point of view on how to prepare and defend against an increasingly sophisticated, well-funded and persistent threat environment.

The financial services industry forms the backbone of today's globalised monetary and economic environment and is therefore highly regulated. The prospect of direct access to money, with a capitalisation expected to exceed $143 trillion [1] worldwide in 2014, has resulted in the financial services industry becoming a prime target for cybercrime such as financial fraud, identity theft, unauthorised access or loss of data and denial of service attacks. Hackers and organised criminal groups with potential government funding have been constantly developing and improving techniques to circumvent information security controls and safeguards, in order to commit fraud, financial theft and other cybercrimes with advanced capabilities to execute persistent and targeted attacks.

Today's organisations enable multi-country operations through centralised shared services and regional hubs and are dependent on partner ecosystems to provide cost effective, efficient and customer focused business services. As a consequence, modern banking systems have evolved across legislative borders with increased interconnection and complexity. This evolution has led to complex regulatory requirements, greater exposure to internal and external cybersecurity threats, and intensified concerns around data security and privacy across virtual borders.

This paper highlights the cybersecurity challenges faced by the financial services industry due to the changing nature of threats and business, and provides a view on mitigation strategies in order to strengthen the security posture.

[1] Market Line Report, Report Linker

CHALLENGE 1: REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

The financial services industry is highly regulated, with a variety of sometimes contradicting regulatory requirements on country and state levels. Consequently, organisations are challenged with multiple views on compliance obligations, with a large overlap and inconsistencies between mandates. As a result, excessive controls and silo-based solutions are leading to an increase in cost and complexity. Significant security breaches at Target, KB Kookmin Card, Montana Department of Public Health, JPMorgan Chase and others illustrate that being compliant is not necessarily a guarantee that all risks are adequately managed and mitigated.

Our point of view is that information security should be risk based, with compliance being a significant driver but not the sole focus. It is essential to identify and monitor compliance; however, it is equally important to prepare the organisation to respond to previously unknown threats in a timely manner. This is achieved by building sufficient flexibility into the organisation's risk and control framework to ensure continuous monitoring and identification of new and emerging threats via a comprehensive information security risk management framework.

Furthermore, financial services organisations should develop an overarching global compliance framework by identifying all the applicable requirements, followed by an elimination of overlapping obligations. Subsequently, requirements should be mapped to the operating environment and country specific regulations. To further reduce the cost of compliance, testing and reporting on the effectiveness of controls should be centralised where feasible to ensure consistency. This further enables the organisation to provide a compliance status for multiple regulatory bodies by facilitating the mapping of controls to country specific regulations.

CHALLENGE 2: DATA SECURITY, PRIVACY PROTECTION AND CROSS BORDER DATA TRANSFER

Many organisations do not identify and clearly classify data based on sensitivity and criticality and therefore lack an understanding of which information matters most. Financial services institutions traditionally focus on the deployment of multiple point solutions (e.g. data leak prevention, access logging, rights management and encryption tools) to manage intentional or unintentional data loss; however, they lack an organisation-wide integrated approach to adequately protect data based on risk-based decisions.

Yet another challenge is the difficulty in aligning the organisation's operating model and supporting environment to meet regulatory requirements, for example managing privacy protection in the context of cross border data transfer as a consequence of shared services and centralised processing facilities. Concerns over privacy of sensitive information have resulted in countries adopting specific national and regional jurisdictional mandates across the globe, with an increasing number of countries introducing mandatory disclosure of data breaches.

Our point of view is that financial services institutions should have a holistic view on data security requirements, managed by a comprehensive data governance framework which includes roles and responsibilities, geographic compliance requirements, inventory and reporting on assets, data classification and handling, and technical solutions like data leak prevention. One key element of a solid data governance framework is the identification of data flows inside and outside the organisation and the mapping of those flows to the organisational control environment. Furthermore, a risk assessment should be conducted to identify control gaps, and an implementation roadmap developed to mitigate risks outside the organisation's risk appetite.

The above initiatives should be complemented by a global security incident response plan with local notification and reporting. Mandatory disclosure of a data breach requires a comprehensive analysis of incidents to determine whether a breach has occurred. Organisations therefore require either sophisticated internal or readily available external forensics capabilities provided by a trusted partner.

CHALLENGE 3: MANAGING INFORMATION SECURITY REQUIREMENTS BEYOND THE ENTERPRISE'S BOUNDARIES

Partnerships, outsourcing and offshoring have become the reality and accepted business practice in the financial services industry to enable cost effective, efficient and customer focused business services. Traditional models used to outsource non-essential internal functions, like the maintenance of IT equipment, whereas recent models reach significantly further into the supply chain. Most financial services institutions have started to actively consume cloud services and engage a variety of business partners to provide material business functions such as claims management and insurance brokerage. These trends introduce complex data sharing requirements and new information security challenges which need to be proactively managed to ensure that the services meet business objectives and information is protected throughout its lifecycle, from its collection to its destruction.

Our point of view is that financial services institutions should implement a comprehensive vendor risk management framework to ensure that vendor risks are adequately managed, taking into consideration the sensitivity of information, criticality of the business activity and possibility of outsourcing and offshoring. The importance of adequate vendor risk management is also represented in a variety of regulatory requirements such as the Australian Prudential Standard CPS 231 for Outsourcing.

A comprehensive vendor risk management framework includes, but is not limited to, roles and responsibilities that are clearly defined and understood throughout the organisation, as well as periodic vendor risk and due diligence assessments, to ensure due care and reduce risk and legal liability. It further ensures that minimum information security requirements, service level agreements and standard terms and conditions are defined and contractually agreed on in legally binding contracts with the right to monitor and audit.

CHALLENGE 4: BUSINESS CONTINUITY (BC) AND DISASTER RECOVERY (DR)

The shift from traditional brick and mortar based business models to fully digitalised, customer focused distribution channels has resulted in customers and prospects expecting exceptional experience on a 24x7 basis. Furthermore, service level agreements may impose financial penalties in the event the financial institution breaches the contractual agreement with its customers. To support the business in its objectives, a close to zero tolerance with regard to downtime and data loss has to be accomplished by highly interconnected centralised shared services and banking systems.

Our point of view is that financial services institutions should acknowledge that BC and DR are key business requirements and therefore need to be managed throughout the organisation. This should be accomplished by establishing an understanding of what impact service outages have on business objectives and subsequently translating those impacts into adequate recovery time and recovery point objectives for internal and third party provided services. In addition, business units need to prepare contingency plans, including alternative work practices and processes, to support the business during a disaster. It is essential to periodically test DR and BC plans to ensure that involved parties are aware of their responsibilities and to identify opportunities to improve and enhance the plans.

Furthermore, a vendor risk management framework should ensure that vendors can provide the agreed service and are equally prepared to handle a disaster. It is also advised that alternative suppliers for critical services are identified in case of a complete failure of the primary service provider. Lastly, the globalisation of travel and the world economy requires modern organisations to proactively monitor events around the world and prepare a Pandemic Plan as a worst case scenario. As communication with clients and business partners is a critical element of every DR and BC plan, organisations should consider using social media as a highly available communication channel.

CHALLENGE 5: MANAGING CYBER RISK FROM EMERGING AND ADVANCED THREATS

Cybersecurity is a dynamic problem of velocity, volume and value, in that the threat agent is unknown, covert and laced with skills and arms (funds and channels), looking for the weakest link to exploit. On top of this, cybercrime is widespread and aggressive and poses a major threat to economic and national security; however, many financial services institutions do not share information about threats or cooperate externally.

Our point of view is that financial services institutions should consider a risk based approach to cybersecurity with actionable threat intelligence by collaborating internally and externally. The risk based approach consists of two parts. Firstly, organisations need to identify risk at a point in time and then undertake periodic reviews to identify changes in the threat landscape, threat actors, the likelihood of threat and any associated impact. Secondly, organisations should undertake continuous risk assessment by introducing a monitoring process for unknown threats. Increasing the sources of information using threat indicator behaviour monitoring with notification and analytical capabilities will enhance an organisation's defence.

While the first part is traditional, known and done periodically, the second part is more complex. Continuous risk monitoring requires financial institutions to leverage internal and external threat intelligence, add proactive components such as honeypots and malware analysis, and collaborate with other financial institutions in sharing threat intelligence to construct a risk based, holistic approach to cybersecurity.

The benefits of a risk-based approach include the identification of value and risk related to the significance of data and the weakest link, i.e. the point of vulnerability. It helps prioritise efforts and focus on the weakest link to patch, gives visibility into the threat environment and enables better and informed information protection.

Authored by Christian Haider, CSC Cybersecurity, senior security consultant, and Chandra Prakash Suryawanshi, CSC Cybersecurity, associate partner, business strategy, CSC Cybersecurity Consulting.

Worldwide CSC Headquarters

The Americas: 3170 Fairview Park Drive, Falls Church, Virginia, United States

Europe, Middle East, Africa: Royal Pavilion, Wellesley Road, Aldershot, Hampshire GU11 1PZ, United Kingdom, +44(0)

Australia: Level 6/Tower B, 26 Talavera Road, Macquarie Park, NSW 2113, Sydney, Australia, +61(0)

Asia: 20 Anson Road #11-01, Twenty Anson, Singapore, Republic of Singapore

About CSC

The mission of CSC is to be a global leader in providing technology-enabled business solutions and services. With the broadest range of capabilities, CSC offers clients the solutions they need to manage complexity, focus on core businesses, collaborate with partners and clients and improve operations. CSC makes a special point of understanding its clients and provides experts with real-world experience to work with them. CSC leads with an informed point of view while still offering client choice. For more than 50 years, clients in industries and governments worldwide have trusted CSC with their business process and information systems outsourcing, systems integration and consulting needs. The company trades on the New York Stock Exchange under the symbol CSC.

Computer Sciences Corporation. All rights reserved.


More information
