Italy. EY's Global Information Security Survey 2013



EY's Global Information Security Survey 2013

This year's survey, our 16th edition, captures the responses of 1,909 C-suite and senior-level IT and information security executives, representing most of the world's largest and most-recognized global companies. Responses to the survey were received from 64 countries and from almost every industry sector, and include some of the world's leading information security authorities. The insights and perspectives of all these participants have been invaluable.

Contents
Survey results
Security budget and investments
Security governance
The effectiveness of information security
Maturity of information security programs
Information security environment
Emerging technologies and trends

EY's Global Information Security Survey

Survey results: Security budget and investments

1. What is your organization's total spend on information security (approximately, in US$, including people, process and technology costs)? Choose one.
Less than $500,000: 43%
Between $500,000 and $2 million: 23%
Between $2 million and $10 million: 20%
Between $10 million and $50 million
Between $50 million and $100 million: 2%
More than $100 million: 2%
Due to rounding, data may not total 100%.

2. Which of the following describes the change in your organization's total information security budget over the last 12 months? Choose one.
Increased by more than 2
Increased between 1 and 2: 7%
Increased between and 1: 23%
Stayed approximately the same (between + and -) 5
Decreased between and 1
Decreased between 1 and 2
Decreased by more than 2: 0%

3. Which of the following describes the change in your organization's total information security budget in the coming 12 months? Choose one.
Will increase by more than 2
Will increase between 1 and 2 1
Will increase between and 1: 13%
Will stay approximately the same (between + and -): 54%
Will decrease between and 1: 3%
Will decrease between 1 and 2: 0%
Will decrease by more than 2: 2%

4. Which of the following information security areas are defined as top priorities over the coming 12 months? (Please mark five items, showing your top priority with a 1 to your fifth priority with a 5.)
Business continuity/disaster recovery
Compliance monitoring
Cyber risks/cyber threats
Data leakage/data loss prevention
Forensics/fraud support
Identity and access management
Implementing security standards (e.g., ISO/IEC 27002:2005)
Incident response capabilities
Information security risk management
Information security transformation (fundamental redesign)
Offshoring/outsourcing security activities, including third-party supplier risk
Privacy
Recruiting security resources
Secure development processes (e.g., secure coding, QA process)
Securing emerging technologies (e.g., cloud computing, virtualization, mobile computing)
Security awareness and training
Security governance and management (e.g., metrics and reporting, architecture, program management)
Security incident and event management (SIEM)
Security operations (e.g., antivirus, IDS, IPS, patching, encryption)
Security testing (e.g., attack and penetration)
Threat and vulnerability management (e.g., security analytics, threat intelligence)
7% 14% 12% 64% 20% 47% % 50% 39% 1 50% 33% 34% 14% 43% 14% 14% 4% 4% 20% 13% 12% 64% 50% 1 50% 19% 6% 23% 29% 7% 100% 33% 67% 50% % 100% 29% 43% 14% 13% 2 50% 14% 29% 14% 43% 22% 4 21% 16% 26% 26% 56% 33% 20% 30% 40%
1st 2nd 3rd 4th 5th

5. Compared to the previous year, does your organization plan to spend more, less or relatively the same amount over the coming year for the following activities?
Business continuity/disaster recovery
Compliance monitoring
Cyber risks/cyber threats
Data leakage/data loss prevention
Forensics/fraud support
Identity and access management
Implementing security standards (e.g., ISO/IEC 27002:2005)
Incident response capabilities
Information security risk management
Information security transformation (fundamental redesign)
Offshoring/outsourcing security activities, including third-party supplier risk
Privacy
Recruiting security resources
Secure development processes (e.g., secure coding, QA process)
Securing emerging technologies (e.g., cloud computing, virtualization, mobile computing)
Security awareness and training
Security governance and management (e.g., metrics and reporting, architecture, program management)
Security incident and event management (SIEM)
Security operations (e.g., antivirus, IDS, IPS, patching, encryption)
Security testing (e.g., attack and penetration)
Threat and vulnerability management (e.g., security analytics, threat intelligence)
53% 31% 39% % 26% 41% 22% 19% 46% 34% 4 33% 31% 33% 30% 42% 66% 53% 62% 79% 64% 71% 71% 54% 6 70% 76% 70% 76% 46% 5 50% 56% 64% 62% 67% 3% 13% 3% 13% 19% 19% 22% 3%
Spend more / Spend the same / Spend less

6. What was the approximate percentage of total spend for the following information security functional areas in your organization in the past 12 months and the coming 12 months?
Security operations and maintenance (keep the lights on)
Security improvement and expansion
Security innovation (emerging technology)
50% 4 33% 34% 13% 16%
Past 12 months / Coming 12 months

Survey results: Security governance

7. To which department does the information security organization report in your organization? Choose one.
Chief Information Officer (CIO): 59%
The IT department but not directly to the CIO
Chief Financial Officer (CFO)
Chief Operations Officer (COO)
Chief Executive Officer (CEO)
Legal/Compliance/Privacy Department
Chief Risk Officer (CRO)
Internal Audit Department
Business Unit Leader
Other
7% 2% 2% 0% 0%

8. Which statements best describe your information security strategy? Choose all that apply.
We do not have an information security strategy: 2%
Our information security strategy is periodically reviewed and updated: 49%
Our information security strategy is aligned with the organization's business strategy: 51%
Our information security strategy is aligned with the organization's IT strategy: 49%
Our information security strategy is approved by senior management: 24%
Our information security strategy outlines our key security activities for the next 12 months
Our information security strategy is aligned to our organization's risk appetite and risk tolerance: 27%
Our information security strategy is aligned to today's risk environment
Our information security strategy outlines the future state of information security (three to five years out) 1

9. How often are information security topics presented to your board (or to the top governing structure in the organization)? Choose one.
Never: 2%
Monthly
Quarterly: 22%
Rarely: 34%
Annually: 37%

10. At what organizational level does ownership of policies, operation and assurance for your information security reside? Choose one per information security area.
Information security assurance 4 40%
Information security operations 3 59% 3%
Information security policies 7 22%
Group level / Divisional/business unit level / Third party / Unknown

11. From the following list of information security standards or frameworks, which are used by your organization? Choose all that apply.
Capability Maturity Model Integration (CMMI)
COBIT 3
COSO
Generally Accepted Privacy Principles 3
Information Security Forum's (ISF) Standard of Good Practice
Information Technology Infrastructure Library (ITIL) 5
ISO/IEC 27001:
ISO/IEC 27002:
NIST Handbooks (e.g., 800 Series)
Octave: 0%
OWASP 3
PCI DSS 1
None

12. How do you ensure that your external partners, vendors or contractors are protecting your organization's information? Choose all that apply.
Assessments performed by your organization's information security, procurement or internal audit function (e.g., site visits, security testing) 3
All third parties are risk-rated and appropriate diligence is applied: 13%
Accurate inventory of third-party network connections and data transfers is kept: 13%
Independent external assessments of partners, vendors or contractors (e.g., SSAE 16, ISAE 3402) 1
Self-assessments or other certifications performed by partners, vendors or contractors 3
Only critical or high-risk third parties are assessed: 33%
No reviews or assessments performed: 13%

Survey results: The effectiveness of information security

13. Please rate the following information security management processes in your organization in terms of maturity (on a scale of 1 to 5, where 1 is nonexistent and 5 is very mature).
Security awareness, training and communication 43% 40% 12%
Security governance and management (e.g., metrics and reporting, architecture, program management) 32% 3 20%
Security operations (antivirus, IDS, IPS, patching, encryption, etc.) 1 6
Security testing (web applications, penetration testing, etc.)

14. How would you characterize the extent to which the Information Security function is meeting the needs of your organization? Choose one.
Fully meets the organizational needs
Partially meets the organizational needs and improvement is underway: 79%
Partially meets the organizational needs and there are no agreed plans for improvement
It does not meet the organizational needs but improvement is underway: 3%
It does not meet the organizational needs and there are no agreed plans for improvement: 0%

15. What are the main obstacles or reasons that challenge your Information Security operation's contribution and value to the organization? Choose all that apply.
Lack of skilled resources: 53%
Budget constraints: 71%
Lack of executive awareness or support: 47%
Management and governance issues 1
Lack of quality tools for managing information security: 3%
Because respondents could select more than one option, data will not total 100%.

Survey results: Maturity of information security programs

16. Which statement best describes the maturity of your threat intelligence program? Choose one.
We do not have a threat intelligence program: 30%
We have an informal threat intelligence program that incorporates information from trusted third parties and distribution lists: 33%
We have a formal threat intelligence program that includes subscription threat feeds from external providers and internal sources, such as a security incident and event management tool 2
We have a threat intelligence team that collects internal and external threat and vulnerability feeds to analyze for credibility and relevance in our environment
We have an advanced threat intelligence function with internal and external feeds, dedicated intelligence analysts and external advisors that evaluate information for credibility, relevance and exposure against threat actors: 2%

17. Which statement best describes the maturity of your vulnerability identification capability? Choose one.
We do not have a vulnerability identification program 1
We have an informal vulnerability identification program and perform automated testing on a regular basis 4
We use a variety of review approaches, including social engineering and manual testing: 13%
We have a formal vulnerability intelligence function with a program of assessments based on business threats, utilizing deep-dive attack and penetration testing: 20%
We have an advanced vulnerability intelligence function and conduct risk-based assessments with results and remediation agreed with the risk function throughout the year: 7%

18. Which statement best describes the maturity of your detection program? Choose one.
We do not have a detection program: 2%
We have perimeter network security devices (i.e., IDS). We do not have formal processes in place for response and escalation 3
We utilize a security information and event management (SIEM) solution to actively monitor network, IDS/IPS and system logs. We have informal response and escalation processes in place 3
We have a formal detection program that leverages modern technologies (host-based and network-based malware detection, behavioral anomaly detection, etc.) to monitor both internal and external traffic. We use ad hoc processes for threat collection, integration, response and escalation: 20%
We have a formal and advanced detection function that brings together each category of modern technology (host-based malware detection, antivirus, network-based malware detection, DLP, IDS, next-gen firewalls, log aggregation) and uses sophisticated data analytics to identify anomalies, trends and correlations. We have formal processes for threat collection, dissemination, integration, response and escalation

19. Which statement best describes the maturity of your computer incident response capability? Choose one.
We do not have an incident response capability: 13%
We have an incident response plan through which we can recover from malware and employee misbehavior. Further investigations into root causes are not conducted 3
We have a formal incident response program and conduct investigations following an incident: 40%
We have a formal incident response program and established arrangements with external vendors for more complete identity response services and investigations
We have a robust incident response program that includes third parties and law enforcement and is integrated with our broader threat and vulnerability management function. We build playbooks for potential incidents and test those playbooks via table-top exercises regularly: 2%

20. Which statement best describes the maturity of your data protection program? Choose one.
We do not have a data protection program: 2%
Data protection policies and procedures are informal or ad hoc policies are in place 3
Data protection policies and procedures are defined at the business unit level: 20%
Data protection policies and procedures are defined at the group level: 33%
Data protection policies and procedures are defined at the group level with corporate oversight and communicated through the business, with specific business unit exceptions documented, tracked and annually reviewed

21. Which statement best describes the maturity of your identity and access management program? Choose one.
We do not have an identity and access management program 1
A team with oversight of access management processes and a central repository conducts reviews, yet is not formally established: 30%
A formal team provides oversight on defined access management processes, although largely manual; a central directory is in place yet interacts with a limited number of applications and is not regularly reviewed: 23%
A formal team interacts with business units in gaining oversight, with well-defined processes, limited automated workflows, single source sign-on for most applications and regular reviews: 20%
A formal IT business unit has oversight of well-defined and automated processes, procedures and workflows; single source sign-on for most applications without reentering logon details; and regular, consistent reviews are conducted across all enterprise levels: 12%

Survey results: Information security environment

22. What percentage of your spending or effort is allocated to information security controls? Please allocate percentages to add to 100%.
Preventative controls: 37%
Detective controls: 34%
Response or recovery controls: 29%

23. How has the risk environment in which you operate changed in the last 12 months? Choose all that apply.
Increase in (internal) vulnerabilities: 26%
Increase in (external) threats: 64%
No change in (internal) vulnerabilities: 56%
No change in (external) threats: 31%
Decrease in (internal) vulnerabilities
Decrease in (external) threats: 3%
Because respondents could select more than one option, data will not total 100%.

24. How has the number of security incidents* at your organization changed relative to the previous 12 months? Choose one.
Increased by more than 50%: 0%
Increased between 2 and 50%
Increased between and 2: 20%
Stayed approximately the same (between + and -): 64%
Decreased between and 2
Decreased between 2 and 50%
Decreased by more than 50%: 0%
3%
* An information security incident is made up of one or more unwanted or unexpected information security events that could very likely compromise the security of your information and weaken or impair your business operations.

25. What is your estimate of the total financial damage related to information security incidents over the past year (this includes loss of productivity, regulatory fines, etc.; the estimate excludes costs or missed revenue due to brand damage)? Choose one.
Between $0 and $50,000: 33%
Between $50,000 and $100,000
Between $100,000 and $200,000: 0%
Between $200,000 and $500,000
Between $500,000 and $1,000,000: 3%
Above $1,000,000: 2%
Don't know: 49%

26. Based on actual incidents, which threats* and vulnerabilities** have most changed your risk exposure over the last 12 months?
Vulnerability - outdated information security controls or architecture 19% 56% 2
Vulnerability - careless or unaware employees 20% 69%
Vulnerability - related to cloud computing use 21% 76% 3%
Vulnerability - vulnerabilities related to mobile computing use 64% 31% 5
Vulnerability - related to social media use 31% 60% 9%
Vulnerability - unauthorized access (e.g., due to location of data) 76% 19%
Threat - cyber attacks to disrupt or deface the organization 17% 72%
Threat - cyber attacks to steal financial information (credit card numbers, bank information, etc.) 80% 9%
Threat - cyber attacks to steal intellectual property or data 84%
Threat - espionage (e.g., by competitors) 1 76% 9%
Threat - fraud 14% 77% 9%
Threat - internal attacks (e.g., by disgruntled employees) 14% 7
Threat - malware (e.g., viruses, worms and Trojan horses) 3 40% 22%
Threat - natural disasters (storms, flooding, etc.) 3% 77% 20%
Threat - phishing 40% 49%
Threat - spam 36% 42% 22%
Increased in past 12 months / Same in past 12 months / Decreased in past 12 months
* Threat is defined as a statement to inflict a hostile action from actors in the external environment.
** Vulnerability is defined as the state in which exposure to the possibility of being attacked or harmed exists.

27. Which threats* and vulnerabilities** have most increased your risk exposure over the last 12 months? Please select five of these items, marking your top item with a 1, your second with a 2, etc.
Vulnerability - outdated information security controls or architecture 27% 13% 13% 20% 27%
Vulnerability - careless or unaware employees 3 24% 1 23%
Vulnerability - related to cloud computing use 40% 30% 20%
Vulnerability - vulnerabilities related to mobile computing use 4 13% 22% 4% 13%
Vulnerability - related to social media use 23% 3 23%
Vulnerability - unauthorized access (e.g., due to location of data) 22% 56% 22%
Threat - cyber attacks to disrupt or deface the organization 22% 22% 34%
Threat - cyber attacks to steal financial information (credit card numbers, bank information, etc.) 29% 14% 29% 2
Threat - cyber attacks to steal intellectual property or data 33% 17% 17% 17% 16%
Threat - espionage (e.g., by competitors) 2 12% 63%
Threat - fraud 22% 22% 34%
Threat - internal attacks (e.g., by disgruntled employees) 40% 30%
Threat - malware (e.g., viruses, worms and Trojan horses) 7% 33% 20% 33% 7%
Threat - natural disasters (storms, flooding, etc.) 50% 50%
Threat - phishing 14% 22% 14% 14% 36%
Threat - spam 30% 20% 30%
* Threat is defined as a statement to inflict a hostile action from actors in the external environment.
** Vulnerability is defined as the state in which exposure to the possibility of being attacked or harmed exists.

28. How many external internet-facing systems have been tested on an annual basis? Choose one.
0% 30% 2 12% 26% 50% 20% 51% 100% 3

Survey results: Emerging technologies and trends

29. Could you please indicate the level of importance to your organization for the following technologies or trends? Choose one.
Big data 22% 3 24%
In-memory computing 14% 16% 30% 3
Cloud service brokerage 16% 27% 27% 24% 6%
Bring your own cloud: personal cloud infrastructure 16% 27% 14% 27% 16%
Supply chain management 26% 33% 20% 13%
Digital money 39% 2 22% 3%
Cyber havens: countries providing data hosting without onerous regulations 3 40% 22% 3%
Internet of things: embedded sensors, image recognition technologies 30% 3 19% 16%
Social media: new business models, including social media 19% 32% 41% 3%
Enterprise application store: role of IT changes to more market focused 19% 41% 27%
Digital devices: security of smartphones and tablets 61% 29%
Digital devices: security of software applications 1 62% 23%
Digital devices: security of web-based applications (HTML5) 24% 47% 24%

30. Could you please indicate the level of familiarity with the implications for your organization of the following technologies or trends?
Big data 13% 19% 41% 22%
In-memory computing 22% 3 21%
Cloud service brokerage 24% 14% 30% 27%
Bring your own cloud: personal cloud infrastructure 19% 16% 24% 33%
Supply chain management 13% 19% 34% 13% 21%
Digital money 27% 24% 30% 14%
Cyber havens: countries providing data hosting without onerous regulations 24% 3 27% 14%
Internet of things: embedded sensors, image recognition technologies 22% 3 30% 13%
Social media: new business models, including social media 43% 3 6%
Enterprise application store: role of IT changes to more market focused 14% 27% 43%
Digital devices: security of smartphones and tablets 3% 2% 21% 5 16%
Digital devices: security of software applications 29% 53% 13%
Digital devices: security of web-based applications (HTML5) 34% 47%

31. If you're familiar with the implications for your organization, could you please indicate the level of confidence in your organization's capabilities to address the implications of the following technologies or trends?
Big data 9% 20% 34% 31% 6%
In-memory computing 23% 23% 32%
Cloud service brokerage 17% 23% 31% 23% 6%
Bring your own cloud: personal cloud infrastructure 17% 23% 17% 37% 6%
Supply chain management 14% 19% 20% 33% 14%
Digital money 24% 32% 29% 12% 3%
Cyber havens: countries providing data hosting without onerous regulations
Internet of things: embedded sensors, image recognition technologies 23% 32% 24% 21%
Social media: new business models, including social media 6% 12% 44% 29% 9%
Enterprise application store: role of IT changes to more market focused 9% 37% 34% 9%
Digital devices: security of smartphones and tablets 3% 3 46% 16%
Digital devices: security of software applications 3% 3% 3 4
Digital devices: security of web-based applications (HTML5) 3% 27% 49% 13%

32. Do you have a role or department in your information security function focusing on emerging technology and its impact on information security?
Yes 5
No: 34%
No, but planning to implement

EY Assurance Tax Transactions Advisory

About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

About EY's Advisory Services
Improving business performance while managing risk is an increasingly complex business challenge. Whether your focus is on broad business transformation or more specifically on achieving growth, optimizing or protecting your business, having the right advisors on your side can make all the difference. Our 30,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and exceptional client service. We use proven, integrated methodologies to help you solve your most challenging business problems, deliver a strong performance in complex market conditions and build sustainable stakeholder confidence for the longer term. We understand that you need services that are adapted to your industry issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where your strategy and change initiatives are delivering the value your business needs.

Proprietary and confidential. Do not distribute without written permission.
EC ED 0114
ey.com


More information

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security

More information

2 0 1 4 F G F O A A N N U A L C O N F E R E N C E

2 0 1 4 F G F O A A N N U A L C O N F E R E N C E I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

Intelligence Driven Security

Intelligence Driven Security Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

Managing cyber risks with insurance

Managing cyber risks with insurance www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Achieving SOX Compliance with Masergy Security Professional Services

Achieving SOX Compliance with Masergy Security Professional Services Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Don MacPherson January 2012 Discussion Items 1. Threats and risks to personal information

More information

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

SIEM Implementation Approach Discussion. April 2012

SIEM Implementation Approach Discussion. April 2012 SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual

More information

Identifying and Managing Third Party Data Security Risk

Identifying and Managing Third Party Data Security Risk Identifying and Managing Third Party Data Security Risk Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar April 29, 2015 1 Introduction & Overview Today s discussion:

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Conquering PCI DSS Compliance

Conquering PCI DSS Compliance Any organization that stores, processes or transmits information related to credit and debit card payments has a responsibility to protect each cardholder s personal data. To help accomplish this goal,

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

Information Technology Auditing for Non-IT Specialist

Information Technology Auditing for Non-IT Specialist Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating

More information

Cyber Security Risks for Banking Institutions.

Cyber Security Risks for Banking Institutions. Cyber Security Risks for Banking Institutions. September 8, 2014 1 Administrative CPE regulations require that online participants take part in online questions Must respond to a minimum of four questions

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6 Securing the State Of Michigan Information Technology Resources Table of Contents Executive Overview...4 Importance to Citizens, Businesses and Government...5 Emergency Management and Preparedness...6

More information

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL. Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

Security Overview. BlackBerry Corporate Infrastructure

Security Overview. BlackBerry Corporate Infrastructure Security Overview BlackBerry Corporate Infrastructure Published: 2015-04-23 SWD-20150423095908892 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations...8 Corporate Security

More information

Towards Threat Wisdom

Towards Threat Wisdom Towards Threat Wisdom Duncan Brown dbrown@idc.com @duncanwbrown What our world looks like Incidents Threats 48% 1 1mpd 2 Infections x14 3 Sources: 1. PwC, The Global State of Information Security Survey

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:

More information

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS aims to provide the most secure, the most private, and

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

trends and audit considerations

trends and audit considerations Bring your own device (BYOD) trends and audit considerations SIFMA IT audit session 4 October 2012 Disclaimer Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited,

More information

FINRA Publishes its 2015 Report on Cybersecurity Practices

FINRA Publishes its 2015 Report on Cybersecurity Practices Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February

More information

Hybrid Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Hybrid Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Hybrid Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction The economic benefits offered by public clouds are attractive enough for many

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

Social Networking and its Implications on your Data Security

Social Networking and its Implications on your Data Security Social Networking and its Implications on your Data Security Canadian Chamber of Commerce of the Philippines June 8, 2011 Warren R Bituin Partner -SGV & Co. About the Speaker Warren R. Bituin SGV & Co./Ernst

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial

More information

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information