2012 DTTL Global Financial Services Industry Security Study Breaking Barriers
- Godfrey Phelps
1 2012 DTTL Global Financial Services Industry Security Study Breaking Barriers
2 Table of contents Executive Summary Preface Participating organizations profile Summary of study findings Sector highlights Survey results snapshot by region Security threats snapshot by region Study design and methodology Contact information Appendix Detailed study findings
3 Preface With increasing business demands and evolving regulatory frameworks, information security is a top priority for financial services industry (FSI) organizations. This year's security survey study finds that many FSI organizations have become more proactive in implementing innovative security measures and creating greater awareness of information security within their businesses. However, most organizations in the survey are challenged with balancing the cost of information security initiatives with the perceived risks of sophisticated threats and emerging technologies. 2
4 Participating organizations profile

This year's participants represent:
- Chief Security Officers/Chief Information Security Officers (CISOs) or designate, or security management team
- Over 250 financial services organizations from 39 countries
- 11 of the leading* 100 global banks by revenue
- 24 of the leading* 100 global insurance organizations by revenue

[Charts: Participating organizations by sector; Participating organizations by headcount]

Participating organizations by region and revenue

| Region | % of participants' responses | % of aggregate revenue |
|---|---|---|
| APAC (excl. Japan) | 9% | 9% |
| Japan | 9% | 4% |
| EMEA (excl. UK) | 35% | 31% |
| Latin America & Caribbean (LACRO) | 31% | 6% |
| UK | 4% | 16% |
| US | 7% | 20% |
| Canada | 5% | 14% |

* Ranking is based on Dow Jones Companies & Executives
3
5 Summary of study findings

1. Stronger together: silos and barriers retreat
- Almost two-thirds of respondents believed that their information security function and business are engaged
- Over 50% of respondents indicated that they have a strong working relationship with operational risk management. Close to half of respondents indicated that they have strong relationships and coordinated activities with enterprise risk management
- Information security governance; identity and access management; and information security strategy and roadmap are cited to be the top security initiatives for this year
- Consistent with prior years, respondents cited a lack of sufficient budget (44%) and the increasing sophistication of threats (28%) as the primary barriers to implementing an effective information security program

2. Adapting to new technologies: security innovation
- As the use of social media increases, 37% of respondents are revising organizational policies; 33% are educating users on social networking to address the security risks
- Many surveyed organizations have explored cloud computing options. However, 40% of the respondents indicated they still do not use cloud computing. The reasons cited include technology prematurity, security risks, and adoption capabilities of the organization
- As a part of their mobility program, many organizations have already deployed, or plan to deploy, mobile VPN, central device management, and mobile device management software. However, more than 50% of respondents have not yet planned for deployment of anti-phishing software, employee and customer-facing applications, and data loss prevention for mobile devices

3. Policing cyber threats: safeguarding data assets
- Financial fraud involving information systems; employee errors and omissions; and breaches of information were perceived to be the top three threats in 2011
- Three out of four respondents have dedicated privacy resources; organizations are increasingly focusing on protecting their sensitive information and formalizing the privacy function
- 49% of surveyed organizations claim to actively manage vulnerabilities, 82% of which are also actively researching new threats to proactively protect their environment from emerging threats
- Most surveyed organizations use the Security Operation Center (SOC) to monitor traffic and data and actively respond to incidents and breaches
- More than half of the respondents indicated that their organizations manage the SOC internally to get a better understanding of information security issues and gain more control over their operations
4
6 Sector highlights: Banking

Survey Findings

Maturity paradox: how to keep the Information Security (IS) program effective
- With increasing regulatory pressure, banking respondents continue to enhance their security programs. Close to 80% of respondents believe that their information security programs have reached a Level 3 (set of defined and documented standard processes with degree of improvement over time) maturity or higher
- Even as security practices mature and advance, nearly 25% of the banking respondents indicated they experienced security breaches in the past 12 months
- Excessive access rights, security policies and standards that have not been operationalized, and lack of sufficient segregation of duties are cited as the top three external audit findings by banking respondents

Balancing act: security and cost containment
- Even though more than 70% of banking respondents dedicate at least 1-3% of their IT budget to information security, lack of sufficient budget and/or resources is cited as the top barrier for an effective information security program
- Nearly half of banking respondents have already implemented or purchased cloud computing services. Of those who have not implemented cloud computing services, close to 90% of the respondents believe the benefits outweigh the security risks
- Vulnerability scanning and penetration testing (72%) is the top information security function that is outsourced to a third party. This is followed by threat management and monitoring services, at 24%

Security innovation: new technologies and their risks have arrived
- Nearly 75% of the banking respondents are making use of social media; 20% of the banking respondents have deployed technical controls to block or limit organizational usage
- When it comes to adoption of mobile devices, banking respondents indicated that the top three security controls are enhancing the consumer acceptable use policy, integrating consumer device security into awareness campaigns and enforcing complex passwords

A total of 158 banking organizations participated in this year's survey, making up 62% of respondents

As banks adapt to increased financial regulatory pressure and adopt new technologies to stay competitive, they are challenged with managing myriad vulnerabilities and business expectations
5
7 Sector highlights: Insurance

Survey Findings

Challenges remain: executive sponsorship and limited IS budget
- In response to breaches of customer data, nearly 70% of respondents' information security programs have achieved Level 3 maturity or higher
- Despite increased focus on protecting data from security breaches, approximately 40% of the 46 major insurance organizations have experienced one or more breaches in the past 12 months
- According to a majority of insurance respondents, lack of sufficient budget and/or resources is the top barrier for an effective information security program for insurance organizations. The next most common barrier is lack of visibility and influence within the organization

In the spotlight: data protection and mobile security
- Employees in the insurance sector demand more virtual and mobile products or services. It is no surprise that over 80% of insurance respondents support employee-owned or corporate-owned mobile devices
- With increased use of mobile devices, over 45% of insurance respondents indicate they experienced one or more breaches in the past 12 months
- Due to increased focus on data protection, close to 80% of respondents have one or more dedicated resources for managing privacy in addition to an IS program
- Data Protection and IS Governance are the top two security initiatives this year for insurance organizations; 57% of insurance respondents believe they are adequately equipped, including technical and nontechnical measures, for protecting customer sensitive data

A total of 46 major insurance organizations participated in this year's survey, making up 18% of respondents

Insurance organizations are bracing for the impact of more stringent consumer financial laws and the risks associated with newer technologies to meet the growing demand for virtual operations
6
8 Survey results snapshot by region

| # | Survey highlights | 2010 Global | 2011 Global | APAC (excl. Japan) | Japan* | EMEA (excl. UK) | LACRO | United Kingdom | United States | Canada |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Respondents believe there is an increase in their information security budget | 56% | 57% | 73% | 14% | 55% | 62% | 56% | 94% | 46% |
| 2 | Respondents believe their information security expenditure is on or above plan | 45% | 48% | 50% | 27% | 50% | 50% | 44% | 50% | 31% |
| 3a | Top security initiatives: respondents who believe identity access management is the top security initiative | 44% | 27% | 18% | 9% | 38% | 18% | 44% | 33% | 46% |
| 3b | Top security initiatives: respondents who believe IS governance is the top security initiative | N/A | 28% | 36% | 36% | 31% | 29% | 11% | 1111% | 8% |
| 4 | Respondents that implemented or purchased cloud computing services | N/A | 48% | 50% | 41% | 54% | 30% | 89% | 89% | 62% |
| 5 | Respondents who experienced privacy-related breaches in the past year | N/A | 27% | 32% | 23% | 26% | 21% | 67% | 50% | 23% |

* For the purpose of this document, we have separated Japan from the rest of Asia Pacific

- With the exception of Canada and Japan, more than 50% of respondents in each region report an increase in the information security budget
- Despite the economic downturn and corporate budget cuts, the majority of regions believe that their information security expenditure is on or above plan
- Identity and access management is the top security initiative in Canada and United Kingdom. IS governance is the top security initiative for Japan and APAC region
- When it comes to the adoption of new technology, United States and United Kingdom respondents have the highest number of organizations that implemented cloud computing services
- United Kingdom and United States respondents have experienced more privacy-related breaches in the past year than other regions
7
9 Security threats snapshot by region

| # | Security threats | 2011 Global | APAC (excl. Japan) | Japan* | EMEA (excl. UK) | LACRO | United Kingdom | United States | Canada |
|---|---|---|---|---|---|---|---|---|---|
| 1 | State or industrial espionage | 6% | 14% | 0% | 5% | 5% | 0% | 22% | 0% |
| 2 | Attacks exploiting mobile network vulnerabilities | 10% | 9% | 9% | 10% | 12% | 11% | 11% | 15% |
| 3 | Threats resulting from the convergence of social media and online platforms into the corporate network (e.g., using micro-blogging by a project manager) | 8% | 14% | 9% | 4% | 7% | 11% | 28% | 8% |
| 4 | Financial fraud involving information systems | 18% | 14% | 5% | 15% | 16% | 44% | 22% | 54% |
| 5 | Security breaches involving third-party organizations (e.g., supply chain or contractors) | 12% | 14% | 5% | 7% | 8% | 33% | 50% | 15% |
| 6 | Hacktivism or cyber-activism | 14% | 9% | 0% | 15% | 14% | 33% | 17% | 23% |

* For the purpose of this document, we have separated Japan from the rest of Asia Pacific

- The United States reports the highest number of respondents who cite state or industrial espionage as the highest threat
- Respondents report mobile network vulnerabilities are highest in Canada and lowest in APAC and Japan
- The United States has the highest number of respondents (28%) that perceive social media as a threat; EMEA, at 4%, has the lowest
- More than 50% of respondents in Canada report financial fraud involving information systems as a threat
- More than 50% of United States respondents consider security breaches involving third-party organizations as a high threat; respondents in Japan have the lowest response at 5%
- The United Kingdom has the highest number of respondents who cite hacktivism or cyber-activism as a key security threat; Japan has the lowest at 0%
8
10 Study design and methodology

This DTTL Global Security Study reports on the outcome of focused discussions between Security & Privacy professionals from Deloitte member firms around the world (Deloitte*) and Information Technology executives of top global organizations. Discussions with representatives of these organizations were designed to identify, record, and present the state of the practice of information security in the financial services industry with a particular emphasis on identifying levels of perceived risks, the types of risks with which organizations are concerned, and the resources being used to mitigate these risks. To fulfill this objective, senior Security & Privacy professionals within the Deloitte member firm network designed a questionnaire that probed various aspects of strategic and operational areas of security and privacy. Responses of participants were subsequently analyzed and consolidated and are presented herein in both qualitative and quantitative formats.

Drafting of the questionnaire

The questionnaire comprised questions composed by the global study team made up of senior Deloitte member firm Security & Privacy Services professionals. Questions were selected based on their potential to reflect the most important operating dimensions of a consumer business organization's processes or systems in relation to security and privacy. The questions were each tested against global suitability, timeliness, and degree of value. The purpose of the questions was to identify, record, and present the state of information security and privacy in the industry.

The collection process

Once the questionnaire was finalized and agreed upon by the study team, questionnaires were distributed to the participating regions electronically. Data collection involved gathering both quantitative and qualitative data related to the identified areas.
Each participating region assigned responsibility to senior member firm professionals within their firms' Security & Privacy Services practices and those people were held accountable for obtaining answers from the various financial institutions with which they had a relationship. Most of the data collection process took place through face-to-face interviews with the CISO/Chief Security Officer or designate, and in some instances, with the security management team. Deloitte member firm professionals also offered preselected consumer business organizations the ability to submit answers online using an online questionnaire managed by DeloitteDEX of Deloitte & Touche LLP.

Results, analysis, and validation

The DeloitteDEX team is responsible for analyzing the data from the study. DeloitteDEX is a family of proprietary products and processes for diagnostic benchmarking applications. The DeloitteDEX team uses a variety of research tools and information databases to provide benchmarking analyses measuring financial and/or operational performance. Deloitte member firm clients' performance can be measured against that of their peer group(s). The process identifies competitive performance gaps and can help management to understand how to improve the performance of business processes by identifying and adopting leading practices on a company, industry, national, or global basis, as appropriate.

Once the DeloitteDEX team received the data, it was arranged by geographic origin of respondents. Some basic measures of dispersion were calculated from the data sets. Some answers to specific questions were not used in calculations to keep the analysis simple and straightforward. Not all respondents answered all questions; in which case, their responses were excluded.

*As used in this communication, Deloitte means Deloitte Touche Tohmatsu Limited and its member firms.
9
11 How to interpret the survey results

Three different types of charts depict your responses against the 2012 GFSI security study questions:
- Bar chart & Table chart: Your responses will be highlighted in blue
- Pie chart: Your responses will be highlighted in the sliced pie

Please note that if no responses are highlighted, it indicates that your organization did not provide a response to that question.

[Figure: sample bar chart, table chart, and pie chart, each with "Your response" highlighted]
10
12 Global Contacts

Global Security, Privacy, and Resiliency Contacts
- Global: Ted DeZabala, Global ERS Platform Leader, Security, Privacy & Resiliency, Deloitte & Touche LLP
- Americas Region: Nick Galletto, Canada, Deloitte & Touche
- Americas Region: Edward Powers, U.S., Deloitte & Touche LLP
- Asia Pacific Region: Thio Tse Gan, Singapore, Deloitte & Touche Enterprise Risk Services
- Europe, Middle East, and Africa Region: Mike Maddison, U.K., Deloitte LLP

Financial Services Enterprise Risk Management Contacts
- Global: Scott Baret, Global Financial Services Industry ERS Leader, Deloitte & Touche LLP
- Latin America Region: Elsa Mena, Colombia, Deloitte & Touche Ltda, emenacardona@deloitte.com
- Latin America Region: Andrés Gil, LATCO, Deloitte & Co S.A, angil@deloitte.com
- Latin America Region: Rodrigo Mendes Duarte, Brazil, Deloitte Consulting, rodrigomendes@deloitte.com
- Europe, Middle East and Africa Region: Alfonso Mur, Spain, Deloitte Advisory, S.L, ext 2103, amur@deloitte.es
- Asia Pacific Region: Danny Lau, Hong Kong, Deloitte & Touche Tohmatsu, danlau@deloitte.com.hk

Contributor: Walter Hoogmoed, Principal, Deloitte & Touche LLP, whoogmoed@deloitte.com
13 Appendix: Detailed Study Findings
14 1. Governance and reporting Three out of four organizations have an executive responsible for information security. 13
15 1. Governance and reporting (cont.) While the reporting structure varies across organizations, the trend is that the information security function most commonly reports to the CRO, COO, CTO and CEO. 14
16 1. Governance and reporting (cont.) The top areas of focus for information security (IS) executives are IS strategy and planning; IS governance; IS compliance and monitoring; IS risk assessments; incident management; IS communications, awareness and training; data security; IS program measurement and reporting; vulnerability management; and IS budgeting. 15
17 1. Governance and reporting (cont.) Over half of respondents indicate that Information Security and Operational Risk Management have a strong working relationship with coordinated activities. 16
18 1. Governance and reporting (cont.) Close to half of respondents indicate that they have strong relationships and coordinated activities between the information security and enterprise risk management function. 17
19 1. Governance and reporting (cont.) Most organizations have a dedicated information security function; nearly half of respondents indicate that the size of their information security function is between one and five full time equivalent professionals. 18
20 1. Governance and reporting (cont.) Despite increasing cohesion between the information security and business functions, 36% of respondents indicate there is little or no engagement between them. 19
21 2. The security strategy Most organizations understand the value and importance of having a documented and approved information security strategy. 20
22 2. The security strategy (cont.) Most organizations are aligning business requirements and technology strategy to the overall information security strategy. 21
23 3. Information security maturity Over three quarters of respondents believe that their information security program maturity is a Level 3 or higher. 22
24 3. Information security maturity (cont.) Most organizations are still evolving their metrics and enhancing them so that they are less technical and more business focused. 23
25 3. Information security maturity (cont.) The majority of organizations believe that lack of adequate budget/resources is the main barrier to establishing an effective information security program. 24
26 3. Information security maturity (cont.) Security reporting frequency and audience vary among organizations; a significant number of respondents do not follow a formalized plan for reporting information security to the C-Suite. Approximately one out of three organizations present a monthly report on the security posture of the organization to senior and executive management. 25
27 3. Information security maturity (cont.) Information security governance, identity and access management, information security strategy and roadmap, information security regulatory and legislative compliance, data protection, information security measurement and reporting and information security training and awareness were the top security initiatives for
28 3. Information security maturity (cont.) Organizations rely mainly on internal self assessments as well as internal and external audit reviews to gauge the effectiveness of their information security practices. 27
29 3. Information security maturity (cont.) More than 50% of organizations recognize the need to maintain a loss event database to identify trends and continuously improve processes; however, almost one third of organizations still do not maintain a loss event database. 28
30 4. Investment in information security To keep pace with the increasing sophistication of attacks and the number of breaches, the majority of organizations have dedicated IT budget to information security. Close to one third of organizations have dedicated at least 4-6% of their budgets to information security. 29
31 4. Investment in information security (cont.) Despite the economic downturn and corporate budget cuts, information security budgets continue to grow; 38% of organizations have increased their information security budgets by 1-5%. 30
32 4. Investment in information security (cont.) While there is an increase in the annual information security budget, nearly half of organizations are still catching up or falling behind their information security expenditures plan. 31
33 4. Investment in information security (cont.) Organizations are increasingly making a push for aligning security objectives with business goals. Nearly 90% claim the IS and business initiatives are somewhat or appropriately aligned. 32
34 5. Security operation center To combat today's sophisticated threats, monitoring traffic and data and actively responding to incidents and breaches are the top SOC capabilities being used by organizations. However, one out of four organizations still does not use a SOC. 33
35 5. Security operation center (cont.) More than half of organizations feel that the most effective way to provide oversight to a SOC is to manage it internally, thereby giving them more control over operations and awareness of information security issues. 34
36 5. Security operation center (cont.) SOC serves the purpose of monitoring many types of systems, devices, applications, firewalls, and security breaches. However, only 28% of organizations believe that the SOC is effective in raising the level of security. 35
37 6. Security value and perception Information security initiatives must be tailored to the organization's specific business goals to be fully effective. Two thirds of organizations believe that their security initiatives are only somewhat effective. 36
38 7. Threat landscape Roughly three out of four organizations are somewhat or very confident that they can protect against an internal attack or breach, in comparison to nine out of ten organizations that are somewhat or very confident that they can protect against an external attack or breach. 37
39 7. Threat landscape (cont.) As the use of technology and the internet proliferates, financial fraud involving information systems, information breaches, hacktivism and coordinated attacks are cited as the top four greatest threats. 38
40 7. Threat landscape (cont.) One third of organizations that are adopting social media are revising organizational policies, educating users on social networking and deploying technical controls to block organizational usage as security controls. 39
41 7. Threat landscape (cont.) Most organizations have explored the option of cloud computing; however, close to 50% of organizations have not adopted cloud computing due to security risks, technology maturity, and organization size. 40
42 7. Threat landscape (cont.) In response to risks associated with cloud computing services, organizations should adopt appropriate controls to mitigate those risks. The top controls are including security policy in contracts with cloud computing service providers and specifying the right to audit providers' systems and infrastructure. 41
43 8. Breach of information security With external breaches becoming more sophisticated, organizations are stepping up their information security measures to protect themselves. More than 75% of organizations have not faced an external breach in the last 12 months. 42
44 8. Breach of information security (cont.)

| Type | One occurrence | Multiple occurrences |
|---|---|---|
| Theft of information resulting from state or industrial espionage | 100% | 0% |
| External financial fraud involving information systems | 36% | 64% |
| Breach of information originating from an electronic attack outside the organization (e.g., hacker, etc.) | 63% | 37% |
| Breach of information originating from a physical attack outside the organization (e.g., stolen laptop, etc.) | 55% | 45% |
| Breach of information originating from a third-party vendor off the organization's premises | 65% | 35% |
| Mobile network breach originating from outside the organization | 100% | 0% |
| Malicious software originating from outside the organization | 32% | 68% |
| Website defacement | 83% | 17% |
| Other form of external breach | 64% | 36% |

While many organizations have not faced external breaches in the last 12 months, the type and occurrence of the external breaches is varied across organizations.
43
45 8. Breach of information security (cont.) Close to one third of respondents admit to internal information security breaches in the past 12 months. 44
46 8. Breach of information security (cont.)

| Type | One occurrence | Multiple occurrences |
|---|---|---|
| Internal financial fraud involving information systems | 54% | 46% |
| Breach of information originating from insider or rogue trading | 63% | 37% |
| Breach of information originating from inside the organization conducted by an employee (e.g., abuse of privileged access, phishing, etc.) | 56% | 44% |
| Breach of information originating from inside the organization conducted by a non-employee (e.g., malicious third-party, social engineering, etc.) | 50% | 50% |
| Accidental breach of information originating from inside the organization (e.g., loss of unencrypted laptop, hard drive, etc.) | 37% | 63% |
| Breach of information originating from a third-party vendor (e.g., cleaners, consultants, etc.) on the organization's premises | 56% | 4% |
| Mobile network breach originating from inside the organization (e.g., wireless) | 100% | 0% |
| Malicious software originating from inside the organization (e.g., viruses/worms/spyware) | 28% | 72% |
| Other form of internal breach | 50% | 50% |

Mobile network breach, malicious software, and accidental breach of information are the leading causes of breaches originating from inside the organization.
45
47 8. Breach of information security (cont.) For the two thirds of organizations who reported a monetary damage, 11% suffered a loss of $250,000 or less. However, 4% of those organizations lost between $1 million and $15 million in monetary damages resulting from breaches. 46
48 9. Security technologies Many organizations believe that technologies such as firewalls or web security are most useful in protecting their networks, but most are skeptical about data security, mobile and event management when it comes to protecting their organization. 47
49 9. Security technologies (cont.) Security log and event management along with data loss prevention are the top initiatives that are currently being piloted. 48
50 9. Security technologies (cont.) Most organizations are using multiple methods to detect and assess their organizations' security vulnerabilities on a periodic basis; however, many respondents indicate that an application security code review is performed on an ad-hoc basis. 49
51 10. Security operations Most organizations provide corporate devices rather than employee-purchased devices to mitigate security risks. 50
52 10. Security operations (cont.) The majority of organizations are currently dealing with mobile device related security risks through formal policy measures and awareness campaigns. In addition, organizations are implementing some foundational security measures such as device password pins and remote wipe capabilities, though a few of the surveyed organizations have deployed commercial mobile device management technology solutions for security profile provisioning, device tracking, control and management. 51
53 10. Security operations (cont.) The top three (3) mobility focus areas that organizations have invested in or are looking to invest in the near future are development and adoption of an overarching and centralized mobile security strategy, implementation of a mobile device management technology solution for increased visibility and control of devices in the enterprise, and secure deployment and support of tablet devices. 52
54 11. Outsourcing and third-party security management While many security functions are outsourced, the top five functions are infrastructure security technologies, filtering, distributed denial of service protection, threat management and monitoring services and vulnerability scanning/penetration testing. 53
55 11. Outsourcing and third-party security management (cont.) While close to 50% of organizations have identified third party security capabilities, controls and organizational dependencies, two thirds of organizations do not regularly review and test third party security capabilities. 54
56 11. Outsourcing and third-party security management (cont.) Most organizations address information security in contracts and sign nondisclosure agreements to reduce the risk of outsourcing, but do not perform on-site spot checks of third parties to verify compliance. 55
57 12. Privacy Close to 60% of organizations have 1-20 full-time equivalents dedicated to privacy while close to 26% of organizations have no resources dedicated to privacy. 56
58 12. Privacy (cont.) In 2011, nearly one third of organizations dedicate 3% or less of the overall organization's budget to privacy. 57
59 12. Privacy (cont.) Most organizations believe that they have adequate measures in place to handle privacy-sensitive data. 58
60 12. Privacy (cont.) Almost half of organizations report privacy-related incidents over the past year. The reluctance of organizations to report privacyrelated breaches is slowly decreasing with many breach notification initiatives undertaken by organizations. 59
61 12. Privacy (cont.) Most organizations have policies in place that require them to report breaches internally and externally.
62 13. Compliance The top four internal and external audit findings relate to access management, with excessive access rights being the top audit finding, followed by excessive developers' access to production, removal of access privileges following transfer or termination, and lack of sufficient segregation of duties.
63 14. Cyber crime As the threat landscape becomes more sophisticated, organizations are becoming more proactive in identifying and managing risks through a variety of approaches.
64 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's approximately 182,000 professionals are committed to becoming the standard of excellence. This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the "Deloitte Network") is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication. Deloitte Global Services Limited.