Global Security Program Overview
1 STATE STREET GLOBAL SECURITY
Global Security Program Overview
ASIS International Kansas City Chapter, March 5, 2015
Stephen D Baker, CPP, Vice President & Deputy Chief Security Officer

2 About State Street
- A global leader providing Financial Services to Institutional Investors
- Fiduciary heritage since 1792
- About 29,665 employees in 29 countries
- Core business managing and servicing financial assets
- Operating globally in more than 100 geographic markets
- $28.2 trillion of assets under custody and administration (AUC/A)
- $2.5 trillion of assets under management (AUM)
Our powerful global franchise sets us apart in meeting the needs of Institutional investors

3 Financial Services Security Program Advantage
- State Street is designated as a systemically important financial institution both in the US and Globally
- Regulated by the SEC
- Regulated by the Federal Reserve
- Regulated by many State Organizations
- Regulated by International Agencies and Authorities
- Country and State Legislative Oversight
- Financial Services Critical Infrastructure
- Strong Corporate Governance
- Audited by Internal and External Auditors
- Driven by Strong Control Environment
- Audited by Customers via Customers' Internal and External Auditors

4 A strong legacy of protection
GLOBAL SECURITY
Global Security protects State Street's people, clients, assets, information, continuity of operations and reputation through the development and management of security programs and services worldwide.
A history of consistent performance

5 Organizational Overview
- Chief Legal Officer
- Chief Security Officer: Jack Eckenrode
- Security Programs, Systems & Technology: Stephen D. Baker
- Security Operations & Systems
- Incident Mgmt. & Response Preparedness
- Infectious Disease Mgmt.
- Safe Travel & Safe Workplace
- Investigations: Jack Eckenrode
- Background Investigations & Due Diligence
- Cyber Investigations & eDiscovery
- Traditional Investigations
- Policies, Standards, Risk Assessments & Strategies
- Vendor Risk Management
- Executive Protection
- EMEA & Asia Pacific Security

6 Global Security Program Benefits
- Value
- Reduce Company Liability
- Reduce Insurance Rates
- Protect Physical Assets
- Protect Trade Secrets
- Assurance
- Investor Confidence
- Customer Confidence
- Continuity of Operations
- Company Reputation
- Employer of Choice
- Employee Confidence - Productivity
- Stakeholder Analytics

7 Cost vs. Benefit
- Security can properly protect any asset. However, it may take a pot of gold!
- Proper balance of cost and acceptance of risk is essential
- Use a standard of reasonableness
- Partner closely with internal business partners and management to agree on an appropriate course of action
Risk assessments include:
- Crime Demographics
- Socio-Economic Landscape
- Resource Availability
- Travel Risk
- Health Risk
- Geo-Political Risk
- Terrorism Risk
- Environmental Risk

8 Physical Security Programs and Services
A Commitment to a Best in Class Program
Regional security teams supported by global centers of excellence
- Americas Regional Security Teams
- EMEA Regional Security Teams
- Global Functions
- Asia-Pacific Regional Security Teams
- Corporate Information Systems
- Global Realty Services
- Global Human Resources
- Corporate Audit
- Corporate Finance
- Cyber & Traditional Invest.
- Background Investigation
- Incident Mgmt. & Response
- Executive Protection
- Security Operations
- Security Systems & Technology
- Safe Travel Program
Balancing cost, risk and business requirements when developing, managing and delivering programs and services

9 Major Program Areas
Protective Services
- Physical Security Operations & Systems
- Workplace Safety Programs
- Travel Security / Executive Protection
- Incident & Infectious Disease Response
Investigative Services
- Background Screening / Due Diligence
- Fraud & Misconduct Inquiries
- Data Loss Monitoring & Cyber Investigations
- Litigation Support (eDiscovery / Forensics)
Strategy & Initiatives
- Security Risk Strategies & Assessments
- Policy Management & Industry Standards
- Vendor Security Risk Programs
- Metrics, Compliance

10 Global Security Infrastructure
- Over 50 servers
- 60+ SharePoint solutions
- Multiple cyber labs
- Multiple firewalls
- Multiple networks
- Controllers & intelligent panels
- Vulnerability and patch systems
- Network analytics
- Several thousand global endpoints
- One Business Intelligence System

11 Background Investigations
- Credit Check
- Criminal Check
- Educational Check
- Previous Employment
- Personal References
- OFAC
- E-Verify
- Due Diligence (Know Your Customer) Investigations
Disqualifiers
- Substance abuse convictions
- Violent crimes
- Crimes of dishonesty
- Computer crimes
- OUI / DUI convictions (2)
- Bad Debt ($5,000), Lien or civil judgment (no threshold)
- Application Misrepresentation

12 Cyber Investigations
Detect, Analyze, Respond, Defend, and Investigate Cyber Incidents or Threats
- Key word monitoring
- Specific threats & Inappropriate business references
- File transfer monitoring
- Threats (internal / external)
- Appropriate use and standard of conduct
- Follow-up review
- Evidence acquisition
- E-Discovery
- Proprietary thefts
- Economic espionage

13 Traditional Investigations
Investigate actual or suspected crimes and/or misconduct
- Employee Misconduct (Standard of Conduct Violations)
- Workplace Safety / Threats of Violence
- Threat Management and Response Plans
- Thefts / Misappropriation of Company Assets
- Harassment
- Fraud / Money Laundering / Corruption
- Other

14 Collaborative Functional Engagement
Investigates, reviews, deliberates, reports and recommends actions
- Global Security
- Corporate Legal
- Global Human Resources
- Employee Relations
- Corporate Audit

15 Vendor Risk Management
Global Security works with other functions as part of a comprehensive Vendor Risk Assessment Management Program of State Street's vendors
- Vendor Security Risk Assessments
- Physical Security Program
- Background Check Investigations
Our dual program approach is designed to assure our third-party vendors have risk-based programs, thereby reducing exposure to economic, reputational and regulatory risk.

16 Design Criteria and Physical Security Standards*
- Site Security (24x7 Monitoring or On-Site Staff)
- Card Access
- Video and Recording
- Alarm Systems
- Lobby Security
- Dock Security
- Bollards, Barrier, Boulders, etc.
- Locking Hardware
- Demising Walls
- Protective Window Film
- Ion Detection
- Biometrics
- Elevator Secure Lobbies
- Physical Elements & Technology (Homeland Security)
* Application is based on risk, etc.

17 Additional Global Security Programs
- Badge ID Operations
- Multiple Technology Card used Worldwide
- Authorized Signers
- Quarterly Access Control Reviews
- Automated HR feeds Joiners and Leavers Blocking
- Security Control Center Operations
- 24 X 7 X Quincy, London, Sydney
- Executive Protection
- Senior Executives
- Board of Directors
- Travel to Countries of Risk

18 Additional Global Security Programs continued
- Infectious Disease
- Infectious Disease Consultant
- Incident Response Team
- Incident Management and Emergency Response
- Monitor local, US and World Events
- Fire Life Safety and Evacuation Programs
- Semi-annual Evacuation Drills
- Safe Workplace Training and Awareness Programs
- Joint Intelligence Partnership
- US Attorney, FBI, USSS, DHS, etc.
- Massachusetts State Police, Boston Police, Transit Police
- Massport / Logan Aviation and Port Security Authorities
- Vendor / Partners

19 Additional Global Security Programs continued
- Travel Security
- Country Risk Assessment
- Traditional Investigations
- Fraud, Theft, Policy Violation
- Special Event Security
- Customer Events, Shareholder Meetings, Executive Events
- Risk Assessment & Intelligence
- Control Risks, Air Security, USHS, BRIC, NC4, DOS, Fusion Centers
- Technical Countermeasures
- Venue Search
- Bomb CBRN Assessment
- Ion Detection, Bomb Dogs, X-Ray

20 Global Security Internal & External leadership involvement
State Street Committees & activities:
- Operational Risk Committee
- Scenario Analysis Frequency and correlation
- Client Assurance Team
- TPRM Steering Committee
- Country and Counterparty risk
- Data Center strategy Steering committee
- Information security steering committee
- Business Continuity Steering committee
- GHR logistics steering committee
Industry committees and activities:
- ASIS Leadership management practices council Vice Chair
- ASIS KC Chapter Chair
- ASIS CSO roundtable Liaison
- ASIS technical standards committee(s)
- ASIS Banking and Financial council 2014 Webinar
- 2014 Annual conference presentations

21 Global Security Industry Certifications & Awards
Industry Awards:
- Security 500 Top Security Organizations 2011, 2012, 2013 & 2014
- Top Security Leaders award 2012 & 2013
- Security magazine 2014 Security 500 Financial Services Thought Leader Stephen D. Baker, CPP
Industry Certifications:
- Certified Protection Professional
- Certified Information Systems Security Professional
- Certified Physical Security Professional
- Certified Fraud Examiner

22 Conclusion
Questions?
More informationSTATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME
STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME MAY 2004 Page 1 of 7 State of New Hampshire Strategic Plan to Address Cyber Crime May 2004 Introduction Cyber crime, or more broadly, electronic
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationINTEGRITY DUE DILIGENCE GUIDELINES FOR LENDING TRANSACTIONS
INTEGRITY DUE DILIGENCE GUIDELINES FOR LENDING TRANSACTIONS Introduction The Bank's mandate is to promote sustainable growth of its member countries by providing longterm financing to projects that strengthen
More informationThe Clearwell ediscovery Platform
The Clearwell ediscovery Platform Delivering Intelligent ediscovery Clearwell has been instrumental in helping us manage our in-house ediscovery practice, saving NBC Universal valuable resources in people
More informationInsert Client Name Request for Proposal for Security Risk Assessment Services Consulting
Insert Client Name Request for Proposal for Security Risk Assessment Services Consulting Release Date: Closing Date: SUBMIT THE PROPOSAL TO: Insert Name Insert Title Insert Email or Physical Address Table
More informationEric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas
Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas Dallas, Texas Objectives The purpose of this presentation is to develop a general awareness of DLP/SIEM
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationAnti-Fraud Management Example In Accounts Payable. Michael Heckner October 12, 2012
Anti-Fraud Management Example In Accounts Payable Michael Heckner October 12, 2012 GRC Top Reasons Customers Invest Today Business Process Improvements Systematic, reliable processes Improve predictability
More informationExploring Converged Access of IT Security and Building Access Today, Tomorrow and the Future
Exploring Converged Access of IT Security and Building Access Today, Tomorrow and the Future Julian Lovelock ActivIdentity, part of HID Global Session ID: SPO2-106 Session Classification: Intermediate
More informationREPORT ON ETHICS COMPLIANCE 04/02/15
REPORT ON ETHICS COMPLIANCE 04/02/15 CONTENTS A. Online training on the Iberdrola Code of Ethics and IUSA Networks Annex to the Code of Ethics. 3 B. Reports made to the Compliance Unit for the purpose
More information