Testing Your Cybersecurity Infrastructure and Enforcement Related Developments


Slide 1: Testing Your Cybersecurity Infrastructure and Enforcement Related Developments
Wednesday, April 29, 2015
Speakers:
- Mark C. Amorosi, Investment Management Partner, K&L Gates LLP
- Laura L. Grossman, Assistant General Counsel, Investment Adviser Association
- Jason Harrell, Corporate SIRO Investment Management, BNY Mellon
- Jeromie Jackson, CISSP, CISM, Director of Security & Analytics, Nth Generation
- Jeffrey B. Maletta, Securities and Transactional Litigation Partner, K&L Gates LLP
- Andras P. Teleki, Investment Management Partner, K&L Gates LLP
Copyright 2015 by K&L Gates LLP. All rights reserved.

Slide 2: Investment Management Cybersecurity Seminar Series Overview
- Session 1 (February 27, 2015): Untangling the Gordian Knot: Where to Begin When Building Your Cybersecurity Program
- Session 2 (March 23, 2015): Board and Senior Management Oversight of Cybersecurity at the Adviser, the Registered Fund and Their Service Providers
- Session 3 (Today): Testing Your Cybersecurity Infrastructure and Enforcement Related Developments
- Session 4 (May 20, 2015): Breach: What to Do When Things Go Wrong and Cybersecurity Insurance Coverage
- Session 5 (June 25, 2015): Building a Better Mousetrap: Evolving Trends in Cybersecurity Practices and Public Policy Developments
klgates.com

Slide 3: Session 3 Topics
- Cybersecurity Compliance Testing under Rule 206(4)-7 and Rule 38a-1
- CCO Responsibilities for Cybersecurity Matters
- Leveraging the OCIE 2014 Cybersecurity Sweep Examination Letter
- Vulnerability Assessments and Penetration Testing: What are the Differences and What do these Tests Tell You about Your Cybersecurity Defenses
- Blackbox vs. Glassbox Testing
- Interpreting and Prioritizing Testing Results
- What the SEC, FINRA, CFTC, FTC and Other Regulators Have Said about Enforcement Priorities around Cybersecurity
- Cybersecurity Litigation and Enforcement Round-Up

Slide 4: The Regulatory Framework

Slide 5: Cybersecurity at the Top of the SEC's Mind
- Corp Fin Guidance (2011)
- Commission Roundtable (2014)
- OCIE Sweep and Risk Alert (2014/15)
- OCIE Examination Priority (2015)
- Numerous references in staff remarks
- IM Guidance Update (New: April 28, 2015)

Slide 6: Overview of the Legal Framework
- Regulation S-P (including the "Safeguards Rule")
- Regulation S-ID (Identity Theft Red Flags)
- IAA Rule 206(4)-7 and ICA Rule 38a-1 (Compliance Rules)
- IAA Rule 204-2(g) and ICA Rule 31a-2(f) (Electronic Recordkeeping Rules)
- ICA Rule 30a-3 (Internal Controls)
- Disclosure Considerations

Slide 7: Overview of Legal Framework (cont'd)
- Business continuity plans
- Suspicious activity reporting
- CFTC Regulations, Part
- FTC enforcement of Section 5 of FTCA
- Practically every state has enacted laws relating to cybersecurity, including information security program and data breach notification requirements

Slide 8: IM Guidance Update (April 28, 2015)
SEC staff identified a number of measures that advisers and funds may wish to consider in addressing cybersecurity risk, including:
- Conduct a periodic assessment of: (1) the information held and systems used by the firm; (2) threats and vulnerabilities; (3) existing controls; (4) potential impact of an incident; and (5) the cybersecurity governance structure
- Create a strategy designed to prevent, detect and respond to threats, which may include: (1) access and technical network controls; (2) encryption; (3) restricting use of removable storage media and deploying software that monitors for threats and incidents; (4) data backup and retrieval; and (5) the development of an incident response plan. Routine testing of strategies could also enhance the effectiveness of any strategy
- Implement the strategy through written policies and procedures and training

Slide 9: IM Guidance Update (cont.)
Potential implications for compliance programs and regulatory risk exposure:
- In the staff's view, "funds and advisers should identify their respective compliance obligations under the federal securities laws and take into account these obligations when assessing their ability to prevent, detect and respond to cyber attacks. [F]unds and advisers may wish to consider reviewing their operations and compliance programs and assess whether they have measures in place that are designed to mitigate their exposure to cybersecurity risk."
- Staff stated that compliance policies and procedures could address cybersecurity risks relating to identity theft and data protection (Regulations S-P and S-ID), business continuity, and fraud (Codes of Ethics, insider threats), as well as other disruptions in service that could affect, for instance, a fund's ability to process shareholder transactions (Section 22(e) and Rule 22c-1).

Slide 10: Cybersecurity Compliance Considerations under Rule 206(4)-7 and Rule 38a-1

Slide 11: Compliance Program Requirements
- IAA Rule 206(4)-7 and ICA Rule 38a-1 together require registered investment advisers and registered funds to (1) designate a chief compliance officer ("CCO"), (2) adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws, and (3) review annually the adequacy and effectiveness of such policies and procedures
- Cybersecurity compliance policies and procedures that address requirements under the federal securities laws should be included in compliance programs and evaluated as part of the annual review, which should include risk assessments, policy and procedure reviews, and service provider reviews

Slide 12: SEC Cybersecurity Sweep Examinations
- 2014: OCIE Risk Alert and Sweep Exams
- 2015: OCIE Sweep Exam Summary and IM Guidance Update
- Future Initiatives: OCIE Exam Priority for 2015; Other Regulators?
SEC Sweep Exam Findings on CCO Involvement in Cybersecurity:
- A significant majority of advisory firms assign information security responsibilities to Chief Technology Officers or to other senior officers, including Chief Compliance Officers, to liaise with third-party consultants who are responsible for cybersecurity
- Less than a third of the examined advisers (30%) have a Chief Information Security Officer

Slide 13: CCO Potential Liabilities
- "I need to be clear that we have brought and will continue to bring actions against legal and compliance officers when appropriate." SEC Enforcement Director Andrew Ceresney, Keynote Address at Compliance Week 2014 (May 20, 2014)
- Numerous enforcement actions against CCOs for a variety of alleged failures, including (1) failure to implement appropriate procedures to address risks and (2) failure to adequately assess effectiveness of those procedures

Slide 14: CCO Planning Items
1. Conduct cybersecurity risk assessment
2. Incorporate cybersecurity compliance risks into the firm's risk matrix
3. Review adequacy of policies and procedures, including those relating to cybersecurity requirements
4. Assess the effectiveness of implementation of the firm's cybersecurity policies and procedures, including testing
5. Due diligence on third party vendors
6. Incorporate cybersecurity into annual review of compliance program
7. Incident response planning

Slide 15: Testing Considerations
- Testing is an important aspect of assessing compliance programs
- Firms routinely conduct testing as part of annual assessment
- OCIE routinely asks for information about testing results in connection with inspections
Common types of compliance testing:
- Transactional Tests: transaction-by-transaction tests conducted contemporaneously with the transaction
- Periodic Tests: transaction-by-transaction tests performed on a look-back basis at relevant intervals, such as spot checks or random or regular detailed reviews
- Forensic Tests: tests that analyze data over a period of time looking for trends and patterns
Traditional tests can be used in the cybersecurity area (e.g., testing privilege management, document destruction, authentication procedures, red flag identification/response, physical safeguards)

Slide 16: Testing Considerations
Specialized tests in the cybersecurity area:
- Vulnerability Scans: automated process of proactively identifying security vulnerabilities of computing systems in a network to determine if and where a system can be exploited and/or threatened
- Penetration Testing: an attack on a firm's information technology system conducted by an information security specialist retained by the firm with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data
Advantages and disadvantages of each type of test

Slide 17: Cybersecurity Testing Challenges
- Relative lack of information security technical expertise in many compliance departments
- Compliance departments generally do not have experience with the specialized tests that can be used in this area
- Many compliance departments lack expertise to interpret the testing results
- Testing limitations
- Resource constraints

Slide 18: Potential Testing and Assessment Techniques
- Leverage OCIE cybersecurity sweep exam letter to identify and prioritize areas of focus
- Leverage information security resources in other parts of the organization to test compliance
- Add information security technical expertise in the compliance department to enhance testing capabilities
- Engage third parties to conduct vulnerability and penetration testing
- Rely on third party testing conducted for service providers
- Interview key personnel with cybersecurity responsibilities
- Observe implementation of cybersecurity policies in actual operating environment
- Utilize certifications and questionnaires
- Review management and third party reports relating to cybersecurity matters
- Evaluate trends in, and frequency of, exceptions or violations of cybersecurity requirements

Slide 19: Leveraging the 2014 SEC Cybersecurity Sweep Exam Questions to Assess Your Cybersecurity Practices

Slide 20: SEC Cybersecurity Sweep Exam Initiative
The SEC's Office of Compliance, Inspections and Examinations examined 49 registered investment advisers and 57 registered broker-dealers in 2014 as part of its Cybersecurity Exam Initiative and issued a Risk Alert summarizing its observations in January. Primary observations included:
- Most advisers (74%) reported that they have been the subject of a cyber-related incident
- The vast majority of examined advisers (83%) have adopted written information security policies, and over half of them (57%) audit compliance with these policies
- A high percentage of examined advisers report conducting firm-wide inventorying, cataloging or mapping of their technology resources
- The vast majority of the examined advisers conduct periodic risk assessments
- Almost all of the examined advisers (91%) made use of encryption in some form
- Approximately half of the examined advisers (53%) are using external standards and other resources to model their information security architecture and processes
- Approximately a third (32%) of the examined advisers require risk assessments of vendors with access to their networks
- Approximately a quarter of examined advisers (24%) include cybersecurity requirements in contracts with vendors
- Approximately a third of the examined advisers (30%) have an individual assigned as the firm's Chief Information Security Officer
- Written business continuity plans often address the impact of cyberattacks or intrusions, but only about half (51%) of adviser policies discuss mitigating cybersecurity incidents
- Approximately a quarter of examined advisers (21%) maintain insurance that covers losses and expenses from cybersecurity incidents

Slide 21: The 2014 SEC Cybersecurity Sweep Exam Topics
The 2014 Sweep focused on the following six topics:
- Identification of Risks/Cybersecurity Governance;
- Protection of Firm Networks and Information;
- Risks Associated with Remote Customer Access and Funds Transfer Requests;
- Risks Associated with Vendors and Other 3rd Parties;
- Detection of Unauthorized Activity; and
- Experience with Cybersecurity Attacks (network breach, malware, fraudulent transfer requests, etc.).

Slide 22: The 2014 SEC Cybersecurity Sweep Exam Question Highlights
Baseline Inventory Questions from the Sweep (i.e., what your IT infrastructure consists of):
- Inventories of physical devices, systems, software platforms and applications;
- Maps of network resources, connections and data flows; and
- Logging capabilities and practices.

Slide 23: The 2014 SEC Cybersecurity Sweep Exam Question Highlights
Protection of Firm Networks and Information Questions from the Sweep (i.e., what controls does your organization maintain):
- Controls to prevent unauthorized escalation of user privileges;
- Environment for testing and developing software separate from the production environment;
- Controls to prevent unauthorized changes to baseline configurations;
- System patching and maintenance;
- Protection against DDoS attacks; and
- Use of encryption.

Slide 24: The 2014 SEC Cybersecurity Sweep Exam Question Highlights
Risks Associated with Remote Customer Access and Funds Transfer Requests:
- Who provides and manages the service;
- How are customers authenticated for on-line account access;
- Security measures to protect customer PINs/passwords; and
- Software/practices for detecting fraudulent account access.

Slide 25: The 2014 SEC Cybersecurity Sweep Exam Question Highlights
Detection of Unauthorized Activity:
- Maintaining baseline information about expected events on the firm's network;
- Monitoring the firm's network environment/physical environment;
- Using software to detect malicious code on firm networks and mobile devices;
- Monitoring for the presence of unauthorized users, devices, connections and software on the firm's networks; and
- Using the analysis of events to improve the firm's defensive measures and policies.
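One way to turn the baseline and monitoring questions above into a repeatable check, as an added example that is not part of the presentation: it compares a constructed inventory baseline (expected open ports and approved software per host) against a constructed discovery-scan snapshot and reports unknown hosts, unexpected ports, and unauthorized or missing software. All addresses, port sets and software names are hypothetical sample data.

```python
from dataclasses import dataclass

# Constructed baseline of the firm's expected network state (hypothetical
# sample data): for each host, the ports it should expose and the software
# approved to run on it. In practice this comes from the device inventory
# and network maps the Sweep asks about.
BASELINE = {
    "10.0.1.10": {"role": "file-server", "ports": {139, 445}, "software": {"backup-agent", "endpoint-av"}},
    "10.0.1.20": {"role": "workstation", "ports": set(), "software": {"endpoint-av", "office-suite"}},
    "10.0.2.5": {"role": "client-portal", "ports": {443}, "software": {"endpoint-av", "web-server"}},
}

# Constructed snapshot as a discovery scan plus endpoint agent would report it.
SNAPSHOT = {
    "10.0.1.10": {"ports": {139, 445, 3389}, "software": {"backup-agent", "endpoint-av"}},
    "10.0.1.20": {"ports": set(), "software": {"endpoint-av", "office-suite", "remote-admin-tool"}},
    "10.0.2.5": {"ports": {443}, "software": {"web-server"}},
    "10.0.1.77": {"ports": {22}, "software": set()},
}


@dataclass(frozen=True)
class Deviation:
    host: str
    kind: str    # unknown-host, missing-host, unexpected-port, unauthorized-software, missing-software
    detail: str


def compare_to_baseline(baseline, snapshot):
    """Return every way the observed snapshot departs from the baseline."""
    deviations = []
    for host, observed in snapshot.items():
        expected = baseline.get(host)
        if expected is None:
            # A device nobody inventoried: possibly rogue, possibly just undocumented
            deviations.append(Deviation(host, "unknown-host", f"open ports {sorted(observed['ports'])}"))
            continue
        for port in sorted(observed["ports"] - expected["ports"]):
            deviations.append(Deviation(host, "unexpected-port", str(port)))
        for sw in sorted(observed["software"] - expected["software"]):
            deviations.append(Deviation(host, "unauthorized-software", sw))
        for sw in sorted(expected["software"] - observed["software"]):
            # e.g. an endpoint whose antivirus agent is no longer present
            deviations.append(Deviation(host, "missing-software", sw))
    for host in sorted(set(baseline) - set(snapshot)):
        deviations.append(Deviation(host, "missing-host", "in baseline but not observed"))
    return deviations


def summarize(deviations):
    """Count deviations by kind, the figure a CCO would track across review cycles."""
    counts = {}
    for d in deviations:
        counts[d.kind] = counts.get(d.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for d in compare_to_baseline(BASELINE, SNAPSHOT):
        print(f"{d.host:<12} {d.kind:<22} {d.detail}")
```

Each deviation is an exception to review, not a verdict: a new port may be an approved change that was never written back to the baseline, which is itself a finding about the change-control process.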

Slide 26: Testing Approaches

Slide 27: Testing Approaches
- Black Box: assessor not given any details
- Grey Box: assessor given limited knowledge
- White/Crystal Box: knowledge is openly shared with assessor

Slide 28: Scoping
- Internal and/or External
- Number of devices within the network
- Number of locations to visit
- Sampling of all systems? Including workstations?

Slide 29: Vulnerability Assessments

Slide 30: Internal and/or External
- Determine in-scope environment
- Include external critical assets
- Include disaster recovery sites

Slide 31: Discovery
- Identification of Network Address Space
- Operating System Fingerprinting
- Open Ports: assess all TCP/UDP ports

Slide 32: Vulnerability Identification
Top Vulnerability Categories:
- Unpatched applications
- Default credentials
- Excessive privilege and/or services
- Vulnerable web application forms

Slide 33: Extra Tests on Internal Assessments
- Wireless Security Assessment
- Review Policies & Procedures
- Third Party Connectivity
- Vendor Management Program
- Disaster Recovery/Business Continuity Plan
- Security Countermeasure Configuration

Slide 34: Penetration Testing

Slide 35: Penetration Testing
Combining vulnerability assessments with penetration testing

Slide 36: Vulnerability & Exploit Correlation
Exploits coming on quickly after vulnerability release:
- Buffer Overflows
- Memory Leaks
- Race Conditions
- SQL Injections

Slide 37: Exploitation

Slide 38: Credential Manipulation
- Brute Forcing Passwords
- Passing the Hash
- Default Passwords
- Cookie Harvesting

Slide 39: Rogue Wireless Access Point
- User accesses a rogue device
- All traffic now intercepted
- User still able to access systems, thus believes everything is fine

Slide 40: Social Engineering
Any act that influences a person to take an action that may or may not be in their best interest.

Slide 41: Remote Social Engineering
- Review of Online Content: LinkedIn, Facebook, GlassDoor, Twitter
- Creation of Custom Ruse
- Execution: Phishing, Phone Scams, Fake Customer/Vendor Engagements

Slide 42: On-Site Social Engineering
- Casing of the building and learning daily office workflows
- Google physical mappings
- Building plans/blueprints/owner details
- Ruse development
- Exploitation: Tailgating, Planting USB/CD-ROM/etc., Posing as vendor/customer

Slide 43: Web Application Assessments
- Identify roles, forms and system details
- Run scanning tools to identify potential weaknesses
- Attempt exploitation to gain system or data access: Cross-Site Scripting, SQL Injection, Role Escalation, API Abuse

Slide 44: Physical Security
Red Team or Physical Security Walkthrough
Assess: Locks, Doors, Windows, Physical Security, Badging, Hinges, Cameras, Motion Sensors, Other

Slide 45: Enforcement and Litigation Outlook

Slide 46: Cybersecurity Enforcement
- SEC Activity Has Been Limited
- Principally Violations of Reg S-P Safeguards Rule
- Focus on Failure to Address Known Deficiencies
- Actions Predate Current Regulatory Focus
- FTC Remains Most Aggressive Agency

Slide 47: Safeguards Rule: 17 CFR (a)
"Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to:
(1) Insure the security and confidentiality of customer records and information;
(2) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
(3) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer."

Slide 48: Who is Covered
- Customers are consumers: individuals with a continuing relationship under which you provide financial products or services that are used primarily for personal, family, or household purposes.
- (i) An individual is your consumer if he or she provides non-public personal information to you in connection with obtaining or seeking investment advice.
- (ii) An individual is not your consumer if you are an investment company and the individual purchases through a broker-dealer or investment adviser who is the record owner.

Slide 49: SEC Actions Against Advisers
LPL Financial Corporation, Adm. Proc. File No , IA Rel. No. 2775 (Sept. 11, 2008)
- Deficiencies identified by internal audit: failure to use strong passwords; passwords widely disseminated; excessive session inactivity parameters
- Unauthorized persons gain access and place unauthorized trades
- Settled order imposes $27,000 fine and independent consultant for two years

Slide 50: SEC Actions Against Advisers (cont.)
Commonwealth Equity Services, Adm. Proc , IA Release No. 2929 (September 29, 2009)
- Dual registrant failed to mandate antivirus software use by registered representatives
- IT staff failed to follow up aggressively on registered representative's report of virus and requests for assistance
- Intruder gained access through virus and placed 18 orders for a single stock in customer accounts
- Clearing broker detected trades and further activity blocked
- Firm fined $100,000

Slide 51: FINRA Enforcement
- FINRA actions involve Safeguards Rule and NASD Rules 3010 and 3012 on supervisory responsibility
- Actions focus on deficiencies in programs, even in the absence of customer harm:
  - Only general, vague summary policies that do not contain specific procedures on safeguarding of information
  - Policies provide guidance, recommendations, and suggestions as opposed to mandates
  - Lack of encryption, antivirus protection
  - Lack of training, lack of response planning
  - Failure to monitor or review or respond to deficiencies

Slide 52: SEC Actions Against Hackers
- SEC has pursued hackers without sanctioning firms
- Overseas hackers amass large penny stock position in legitimate online accounts
- Take control of online brokerage accounts to buy large quantities of these securities to inflate price
- Sell holdings from legitimate accounts
- SEC v. Marimuthu, C.A. No. 8:07CV94 (D. Neb. March 12, 2007) (innocent account holders lost $845,000); SEC v. Grand Logistic, Inc., C.A. No. 06-cv (S.D.N.Y. Dec. 16, 2006)

Slide 53: CFTC Enforcement
In the Matter of Interbank FX, LLC, CFTC Docket No (June 29, 2009)
- CFTC Regulation requires that FCMs, CTAs, CPOs and introducing brokers adopt policies and procedures that address the administrative, technical, and physical safeguards for the protection of customer records
- Firm had no policy or procedures concerning the protection of consumer personal identifying information (PII)
- While working on a systems upgrade, a software engineer is provided access and downloads PII for 13,000 customers to a personal website

Slide 54: FTC Enforcement
- Section 5 of FTCA outlaws unfair or deceptive acts or practices affecting commerce
- FTC is the most aggressive enforcer: fifty cases since 2000
  - Defective data security practices
  - Deceptive statements about use
  - Far reaching remedies
- Authority challenged in FTC v. Wyndham Resorts (3d Cir.) and In the Matter of LabMD, Inc. (FTC):
  - Section 5 unfairness does not reach data security defects
  - No fair notice of what data security practices Section 5 forbids

Slide 55: Predictions
- SEC enforcement staff has been largely silent on cybersecurity investigations
- SEC will continue focus on protecting individual information and assets
- SEC will examine firms' critical infrastructure that may or may not relate directly to customer accounts or identities
- SEC will use compliance rules to bring cases based on failures to adopt reasonably designed procedures addressing topics covered in guidance

Slide 56: Civil Litigation
- Class actions by customers
- Derivative actions against directors and officers
- Securities actions
- Lawsuits between targets and banks

Slide 57: Civil Litigation
Target Consumer Settlement:
- Over 100 million individuals affected
- Settlement fund of $10 million
- Claims up to $10,000 on showing of actual loss
Target/Mastercard Settlement:
- Small institutions object to settlement
- Small institutions have higher per card losses
- Settlement would release further claims by small issuers

Slide 58: Key Takeaways and Next Steps

Slide 59: Session 3 Key Takeaways
VULNERABILITY / PATCH MANAGEMENT: the identification and remediation of known software weakness
- Scan all internal and external systems to identify missing software patches
- Identify software and hardware that is no longer supported by the vendor. Unsupported software does not have patches developed by the vendor
- Have a documented process for how patches are implemented on your system, from patch identification to implementation
- Request reporting
PENETRATION TESTING: the identification and remediation of application functionality flaws (e.g., default configurations, application processing errors) that may lead to application compromises
- Consider using a reputable 3rd party to conduct these reviews
- Start with external, internet-facing applications that allow for the movement of funds and/or access to personal information (FFIEC), then focus on critical internal applications
- Make certain that you are clear on what the results mean (i.e., business impact of risk exposure)
- Develop remediation of identified gaps
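To make the prioritization guidance on this slide concrete, here is an added example (not from the presentation or any speaker's firm) that scores constructed vulnerability findings so that internet-facing applications that move funds or hold personal information rank first, critical internal applications next, and vendor-unsupported software is flagged as needing replacement rather than a patch. The hostnames, scores and dates are hypothetical, and the weights are an assumption chosen to reflect the ordering the slide describes.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Finding:
    host: str
    application: str
    issue: str
    cvss: float                          # scanner base score, 0.0 to 10.0
    internet_facing: bool
    moves_funds: bool                    # application can initiate funds transfers
    holds_pii: bool                      # application accesses personal information
    vendor_support_end: Optional[date]   # None while the vendor still issues patches
    patch_available: bool


# Weights are an assumption chosen to reproduce the slide's ordering, not a standard.
INTERNET_FACING_WEIGHT = 3.0
FUNDS_OR_PII_WEIGHT = 2.0
UNSUPPORTED_WEIGHT = 1.5

# Review date used by the sample run (the seminar date)
AS_OF = date(2015, 4, 29)


def score_finding(f, today):
    """Return (priority score, unsupported flag) for one finding."""
    score = f.cvss
    if f.internet_facing:
        score += INTERNET_FACING_WEIGHT
    if f.moves_funds or f.holds_pii:
        score += FUNDS_OR_PII_WEIGHT
    unsupported = f.vendor_support_end is not None and f.vendor_support_end < today
    if unsupported:
        # No vendor patch will ever arrive, so this cannot sit in the patch queue
        score += UNSUPPORTED_WEIGHT
    return score, unsupported


def remediation_action(f, unsupported):
    if unsupported:
        return "no vendor patch coming: plan upgrade or replacement, apply compensating controls meanwhile"
    if f.patch_available:
        return "apply vendor patch via the documented patch process"
    return "no patch yet: apply vendor mitigation or isolate until a patch ships"


def prioritize(findings, today):
    """Rank findings highest-priority first, with the action each one needs."""
    rows = []
    for f in findings:
        score, unsupported = score_finding(f, today)
        rows.append({
            "host": f.host, "application": f.application, "issue": f.issue,
            "score": round(score, 1), "unsupported": unsupported,
            "action": remediation_action(f, unsupported),
        })
    rows.sort(key=lambda r: (-r["score"], r["host"]))
    return rows


# Constructed sample findings (hypothetical hosts, issues and dates)
SAMPLE_FINDINGS = [
    Finding("portal.example.com", "client-portal", "web server missing security update", 7.5, True, True, True, None, True),
    Finding("hr-db.internal", "hr-records", "database engine out of date", 9.8, False, False, True, None, True),
    Finding("legacy-fs.internal", "file-server", "operating system past end of support", 5.0, False, False, False, date(2014, 4, 8), False),
    Finding("www.example.com", "marketing-site", "weak TLS configuration", 4.3, True, False, False, None, True),
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE_FINDINGS, AS_OF):
        flag = " [UNSUPPORTED]" if r["unsupported"] else ""
        print(f"{r['score']:>5} {r['host']:<22} {r['issue']}{flag}")
        print(f"      -> {r['action']}")
```

The ranked list is what "being clear on what the results mean" looks like in practice: the scanner's severity alone would have put the internal HR database first, while exposure and business function move the funds-transfer portal ahead of it.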

Slide 60: Session 3 Key Takeaways (cont.)
WIRELESS ACCESS TESTING: the identification and remediation of gaps related to the use of wireless devices
- Determine / identify the company stance on the use of wireless networks
  - Does your company permit wireless access points on its network for internal employees?
  - Does your company provide wireless access points on its network for guests or visitors?
  - Is the wireless network for guests / visitors segmented off the internal network?
- Identify a reputable 3rd party vendor to test your network against the policy / company posture and identify gaps
- Develop a project plan to remediate these gaps
SOCIAL ENGINEERING: any attempt to trick or deceive an individual to provide information (e.g., account information) or conduct an action (e.g., clicking a malicious link) that may lead to personal or corporate harm
- Identify how these attacks may happen within your company (e.g., , phone, client authentication)
- Determine what your company and its clients can do to protect themselves
- Develop training to educate the company on how to protect themselves (ongoing)
- Develop training to educate your clients on how to protect themselves (ongoing)
- Develop testing to determine training effectiveness

Slide 61: Next Steps for Advisers and Funds
1. Engage senior management and, if appropriate, the board of the adviser and any funds in the complex
2. Conduct a cybersecurity governance and risk assessment
3. Review and test the adequacy of existing compliance policies, business continuity plans, technical controls and other relevant procedures
4. Develop an incident response plan
5. Enhance employee training
6. Review vendor relationships
7. Review insurance coverage
8. Assess need for, and adequacy of, any public disclosures
9. Attend upcoming K&L Gates and Investment Adviser Association Cybersecurity Seminar Series programs

Slide 62: Cybersecurity Seminar Series Overview
- Session 1 (February 27, 2015): Untangling the Gordian Knot: Where to Begin When Building Your Cybersecurity Program
- Session 2 (March 23, 2015): Board and Senior Management Oversight of Cybersecurity at the Adviser, the Registered Fund and Their Service Providers
- Session 3 (Today): Testing Your Cybersecurity Infrastructure and Enforcement Related Developments
- Session 4 (May 20, 2015): Breach: What to Do When Things Go Wrong and Cybersecurity Insurance Coverage
- Session 5 (June 25, 2015): Building a Better Mousetrap: Evolving Trends in Cybersecurity Practices and Public Policy Developments

Slide 63: Speaker Contact Information
- Mark C. Amorosi, Investment Management Partner, K&L Gates LLP
- Laura L. Grossman, Assistant General Counsel, Investment Adviser Association
- Jason Harrell, Corporate SIRO Investment Management, BNY Mellon
- Jeromie Jackson, CISSP, CISM, Director of Security & Analytics, Nth Generation, x135, jeromie.jackson@nth.com
- Jeffrey B. Maletta, Securities and Transactional Litigation Partner, K&L Gates LLP, jeffrey.maletta@klgates.com
- Andras P. Teleki, Investment Management Partner, K&L Gates LLP, andras.teleki@klgates.com

Slide 64: Additional Cybersecurity Resources
To access our firm's additional cybersecurity related recorded webinars, presentations, articles and checklists, please visit

Slide 65: THANK YOU


By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

How To Manage Security On A Networked Computer System

How To Manage Security On A Networked Computer System Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Network Security Audit. Vulnerability Assessment (VA)

Network Security Audit. Vulnerability Assessment (VA) Network Security Audit Vulnerability Assessment (VA) Introduction Vulnerability Assessment is the systematic examination of an information system (IS) or product to determine the adequacy of security measures.

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

Data Privacy and Gramm- Leach-Bliley Act Section 501(b) Data Privacy and Gramm- Leach-Bliley Act Section 501(b) October 2007 2007 Enterprise Risk Management, Inc. Agenda Introduction and Fundamentals Gramm-Leach-Bliley Act, Section 501(b) GLBA Life Cycle Enforcement

More information

Client Update SEC Releases Updated Cybersecurity Examination Guidelines

Client Update SEC Releases Updated Cybersecurity Examination Guidelines Client Update September 18, 2015 1 Client Update SEC Releases Updated Cybersecurity Examination Guidelines NEW YORK Jeremy Feigelson jfeigelson@debevoise.com Jim Pastore jjpastore@debevoise.com David Sarratt

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

FINRA Publishes its 2015 Report on Cybersecurity Practices

FINRA Publishes its 2015 Report on Cybersecurity Practices Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February

More information

SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CONSIDERATIONS FOR LAW FIRMS SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,

More information

Cybersecurity Issues for Community Banks

Cybersecurity Issues for Community Banks Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

How To Protect Yourself From Cyber Threats

How To Protect Yourself From Cyber Threats Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Regulatory focus on cybersecurity is intensifying.

Regulatory focus on cybersecurity is intensifying. The Investment Lawyer Covering Legal and Regulatory Issues of Asset Management VOL. 21, NO. 8 AUGUST 2014 Developments in Cybersecurity Law Governing the Investment Industry By Luke T. Cadigan and Sean

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

IT Security to Combat Today s Cyber Fraud

IT Security to Combat Today s Cyber Fraud IT Security to Combat Today s Cyber Fraud Thomas J. DeMayo, CISSP, CIPP, CEH, CPT, MCSE Director, IT Audit and Consulting - O Connor Davies, LLP Timothy M. Simons, CPA, CFA, CIPM, CSCP, CFP Senior Managing

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

Information Technology Security Review April 16, 2012

Information Technology Security Review April 16, 2012 Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Presentation Objectives

Presentation Objectives Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller

More information

Managing Business Risk

Managing Business Risk Managing Business Risk With Assurance Report Cards April 7, 2015 Table of Contents Introduction... 3 Cybersecurity is a Business Issue... 3 Standards, Control Objectives and Controls... 5 Standards and

More information

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing

More information

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs 1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com

More information

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem. Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Statement of the Investment Company Institute. ERISA Advisory Council Working Group on Privacy and Security Issues Affecting Employee Benefit Plans

Statement of the Investment Company Institute. ERISA Advisory Council Working Group on Privacy and Security Issues Affecting Employee Benefit Plans Statement of the Investment Company Institute ERISA Advisory Council Working Group on Privacy and Security Issues Affecting Employee Benefit Plans September 1, 2011 (Submitted August 30, 2011) The Investment

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

CORE Security and GLBA

CORE Security and GLBA CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

SecurityMetrics Vision whitepaper

SecurityMetrics Vision whitepaper SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,

More information

Evaluation Report. Office of Inspector General

Evaluation Report. Office of Inspector General Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury

More information

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy: Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

GEARS Cyber-Security Services

GEARS Cyber-Security Services Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments

More information

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER

More information

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

Cybersecurity: Recent CFTC and NFA Activity

Cybersecurity: Recent CFTC and NFA Activity Cybersecurity: Recent CFTC and NFA Activity September 11, 2015 Futures and Derivatives Commodity Futures Trading Commission (CFTC) Chairman Timothy Massad recently announced that cybersecurity in the futures

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good

More information

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014 A Small Business Approach to Big Business Cyber Security Brent Bettis, CISSP 23 September, 2014 1 First, a Video http://www.youtube.com/watch?v=cj8wakqwlna 2 3 Agenda Threat Landscape Strategic Initiatives

More information