CYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO"

Transcription

1 CYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM

2 CYBER, INFORMATION SECURITY - OVERVIEW A cyber security breach is no longer just an IT problem. It can cause significant reputational and share price damage, compromise strategic negotiations or transactions, provide an opportunity for a class action, result in market disclosures and compliance breaches, and undermine years of research and development. It demands the CEO and Board s attention. Cyber attacks on companies rose by 15% last year while efforts to penetrate some sectors rose by 600%. At JP Morgan the names, addresses, telephone numbers and s of 76m households were stolen. At US retailer Target, a similar attack caused a crisis in shareholder confidence and led to the CEO losing his job. The widely publicised attack on Sony Pictures had a similar impact. In a typical company, a board director, CEO, CFO and CTO now has to be prepared for such threats on a daily basis. To do this, vulnerabilities must be identified and addressed without compromising their business. Locking down a system to make it invulnerable to cyber attack can hinder a company s commercial operations. Good cyber security is just as dependent on people and process as technology. Making sense of cyber security Customer, supplier and shareholder confidence Continuing advice and support We enable CEOs and the board to take control of cyber security governance by demystifying cyber security. We help companies categorise and protect their most sensitive information assets and explain technical and other areas of concern. It is not always necessary to perform complex network redesign or other expensive solutions to protect adequately from cyber attack. We focus on threats to commercial areas which really matter revenue, earnings, cash flow as well as ensuring compliance with existing standards such as ISO and the EU Network and Information Security Directive. We act as an accessible, impartial advisor to senior executives helping determine how an attack might best be avoided, the appropriate levels of response and the work involved in protecting against future incursions.

3 CYBERSTRAT SENIOR TEAM Our senior team gained their experience in the intelligence sector, giving them significant exposure to the threat environment and the processes to deal with it. This distinguishes us from other cyber security providers operating out of an accounting, auditing or wider consultancy base. Our broader team comprises cyber intelligence experts, training specialists and training practitioners. Dave Woodfine Formerly senior officer cyber command UK Ministry of Defence Led implementation of the UK National Cyber Security Programme Member UK Computer Emergency Response Team Advisor to industry (defence companies, Bank of England, FTSE250) on cyber security strategy Tim Scully Director of Australian DoD intelligence & cyber security Founder & CEO Stratsec (later BAE Systems Australia Head of Cyber Security) Huge experience advising board level executives and government officials on cyber security issues Has run several large cyber security training programmes James Griffiths CyberStrat technical director Over 17 years experience in the technical cyber and information assurance fields. Previously UK Ministry of Defence and the Joint Cyber Unit at GCHQ. Extensive knowledge of both the offensive and defensive cyber frameworks in banking Ian McCredie Former senior UK intelligence officer based in Washington DC Previously head of national security at Shell with responsibility for cyber security and risk management Lectures frequently at board level on cyber security issues in the UK and US Patrick Naegeli Experienced strategy advisor, senior partner in global consulting firm and co-founder of GMTL Defence/government advisor on cyber & information security Corporate advisor on M&A, technology and corporate development Simon King Experienced strategy adviser and former partner at top UK corporate intelligence firm Advisor to UK government on cyber and information security strategy Completed several international cyber security studies involving best practice, technology development, market dynamics and M&A

4 SELECTED CYBERSTRAT EXPERIENCE LARGE UK FINANCIAL INSTITUTION Review and refinement of Secure Operations Centre (SOC) procedures and capabilities Cyber security training of relevant personnel Scenario planning and forecasting of future threat environment CyberStrat continue to do a great job for us in helping to promote awareness of specific cyber issues as well as providing some specialised technical support. UK financial institution exec MAJOR EUROPEAN DEFENCE & SECURITY COMPANY UK CRITICAL NATIONAL INFRASTRUCTURE ORGANISATION Adjudication of third party specialist cyber security providers Red team reviews of potential procurement options Support in management of Secure Operations Centre (SOC) Design of a practical engagement schedule between the CEO, Board, IT practitioners and employees on cyber security Advice on areas of cyber-compliance, under both UK and EU law, (e.g. Network and Information Security Directive (2013/0027 COM (2013) 48). Review of cyber security best practice. The CyberStrat team really helped us get the most our of our existing specialist suppliers as well as provide very helpful support around the running of our SOC. CTO European defence org

5 RECENT CYBER ATTACKS - EXAMPLES There are two kinds of big companies in the U.S. Those who've been hacked by the Chinese, and those who don't know they've been hacked by the Chinese." - James Corney, FBI Chief Several attacks took place in August 2014 against large financial institutions. JP Morgan reported that it had suffered one of these attacks resulting in user contact data being breached, affecting approximately seven million small businesses. Attacker: Likely to have been a collaborative strategic attack aimed at several financial companies. Fallout: Negative brand impact in addition to the expense of providing affected clients with financial data monitoring services. Korea Credit Bureau. A 2014 hack put 20 million clients personal data at risk. This included user addresses and account numbers at banks partnered with KCB. Approximately 104 million card numbers were compromised. Attacker: Disgruntled KCB employee who, over the course of 18 months, copied customer client data via an external hard drive. Fallout: Resignation of three top KCB executives. 145 million customer accounts hacked last spring. The attack was the result of cross-site scripting, a stealthy exploit that redirects users to "spoof" sites mocked up to resemble a legitimate checkout page where they divulge sensitive billing information. Attacker: Unsolved -- remains unknown. Fallout: EBay claims no social security or account numbers were taken, but it's likely that hackers gained access to certain user data including encrypted passwords, , birth dates and addresses opening up the possibility of a second phase of exploits. Attack occurred between April and September 2014, impacting 56 million consumers' payment card data across the retailer's North America and Canada locations. Attacker: Unsolved -- remains unknown Fallout: Major media attention. Costs to alert customers regarding the fraudulent unauthorized access to payment card data that may have impacted credit and debit card purchases.

6 THE GENERAL CYBER SECURITY ENVIRONMENT THREATS + VULNERABILITIES VALUES AT RISK RESPONSES HACKTIVISM CORPORATE ESPIONAGE STATE SPONSORED TERRORISM CRIMINAL PEOPLE PROCESSES TECHNOLOGY ASSETS REPUTATION FINANCIAL PERSONNEL CUSTOMERS TRADITIONAL COMMUNITY SYSTEMIC POLICIES REGULATIONS GOVERNANCE INFORMATION SHARING MUTUAL AID COORDINATED ACTION RISK MARKETS EMBEDDED SECURITY Insider threat known Other issues not recognized/understood (e.g. social media) Constant technology development (mobile, cloud, Big Data, etc.) Compliance breaches Loss of confidence IP loss Share price damage Increasingly coherent & joint Good practice is now the norm Mandatory in all but name

7 DIFFERENT SECTORS HAVE DIFFERENT SECURITY PRIORITIES Levels of awareness, preparedness and effective investment vary across sectors, as does the procurement of 3 rd party services. Public sector Security/intelligence agencies Departments handling sensitive public data Continued use of outsourcing Procurement through frameworks Defence/security sectors (Tiers 1 & 2) High levels of awareness of technical issues, increasing understanding of non-technical areas Influenced by international considerations Work closely with government on sector-level issues Use large/prime contractors Large company Information dependency varies, but issues are relevant to all sectors Concerns extend from business to control systems Utilise consulting/technology service providers Small company Increasingly digital, but low levels of security awareness Buy-in security as part of a package Limited in-house expertise or resource

8 CYBERSTRAT OFFERS A SET OF WORK PACKAGES DISCOVERY REALISATION ASSURANCE Explaining cyber to your board Cyber infrastructure review Cyber road map Strategic cyber review & compliance assessment Cyber infrastructure protection Testing and certification Cyber intelligence assessment Cyber security training Horizon scanning

9 PACKAGE ONE: CYBER DISCOVERY EXPLAINING CYBER TO YOUR BOARD STRATEGIC CYBER REVIEW & COMPLIANCE ASSESSMENT Understanding the motives and types of cyber attacks can often be drawn into technical and laboured discussions. Our Executive Cyber Scenario Based Planning service details the most likely cyber attacks that you might face. We explain the different motives and attack methods that can be used as well as the potential impact on your business. Board level executives end up with a comprehensive understanding of what cyber security is about. Cyber security compliance standards (e.g. EU Network and Information Security Directive 2013, ISO 22001, payment card industry security requirements) are either in place or rapidly approaching. We provide an assessment and road-map to make sure an organisation complies with these standards. CYBER INTELLIGENCE ASSESSMENT We help identifying information on your system that is openly available to any potential attacker. Our assessment exposes the potential ease of social engineering threats and vulnerabilities. It can also expose how vulnerable your company and your key personnel would be to internet based attack methods (spear phishing, spam, web-site malware).

10 PACKAGE TWO: CYBER REALISATION CYBER INFRASTRUCTURE REVIEW A detailed analysis of your infrastructure to determine the degree to which your systems are protected from internal and external attacks. We test the robustness of existing servers, software and hardware, setting out the vulnerabilities that could be exploited. CYBER INFRASTRUCTURE PROTECTION Ethical hacking by professionals. We will help you get to grips with network security through external penetration tests (both remote and local), wireless network security, physical security, vulnerability and compliance audits. We advise on options for managed security cyber services that can protect and defend large volumes of networked information. We also advise on disaster recovery and business continuity options. CYBER SECURITY TRAINING & COMMUNICATIONS Poor user awareness of cyber threats can be the easiest way for an attacker to gain entry into a business. We provide training on operating safely within a cyber context, focusing on the potential for targeted attacks through social media, internet browsing and s. We also build a practical engagement schedule between the CEO, IT practitioners and employees. It provides the basis for company wide communication of cyber security issues. If the CEO gets it, the rest of the company will also get it.

11 PACKAGE THREE: CYBER ASSURANCE CYBER ROAD MAP Cyber security is not a one-off service. We provide you with a cyber road map to help you address future information security gaps. By engaging at both executive and technical levels we will ensure that a business has peace of mind in its own security posture. TESTING AND CERTIFICATION Our audit package will provide regular checks of your website, mobile and network to ensure everything is updated with the necessary security products. Our penetration testing packages provide a more detailed technical review of your networks. Our certification package provides the guidance required to implement information security standards applicable to your business. HORIZON SCANNINGOur horizon scanning service provides regular cyber threat and intelligence reports tailored to your business sector to ensure you keep pace with the ever changing threat.

12 VIRTUAL INFORMATION SECURITY EXECUTIVES Although many large organisations employ a Chief Information Officer (CIO) a Chief Information Security Officer (CISO) and/or a Chief Technical Officers (CTO), smaller companies often lack the resources to provide them. We can provide virtual information security executives who work with you, on-site on a part-time basis or remotely, to enhance your information security and cyber posture. Our Trusted Cyber Advisors will work across the whole spectrum of Cyber Discovery, Realisation and Assurance to ensure your business remains fully aware of the cyber challenges they will face and the optimum way of protecting their core information assets.

13 CyberStrat (a division of GMTL LLP), 26 York Street, London, W1U 6PZ, UK +44 (0)

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Secure by design: taking a strategic approach to cybersecurity

Secure by design: taking a strategic approach to cybersecurity Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison Gary Solway* Bennett Jones LLP The August release of the purported names and other details of over 35 million customers

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

CYBER SECURITY PROTECTING YOUR BUSINESS James Hatch Director, Cyber Services BAE Systems Applied Intelligence 1 CYBER SECURITY AT BAE SYSTEMS Professional Services Technical Services Prepare Protect Cyber

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Doyourwebsitebot defensesaddressthe changingthreat landscape?

Doyourwebsitebot defensesaddressthe changingthreat landscape? WHITEPAPER Doyourwebsitebot defensesaddressthe changingthreat landscape? Don tletbotsturnaminorincident intoamegasecuritybreach 1.866.423.0606 Executive Summary The website security threat landscape has

More information

Identifying Cyber Risks and How they Impact Your Business

Identifying Cyber Risks and How they Impact Your Business 10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates

More information

CONSULTING IMAGE PLACEHOLDER

CONSULTING IMAGE PLACEHOLDER CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Protecting your business interests through intelligent IT security services, consultancy and training

Protecting your business interests through intelligent IT security services, consultancy and training Protecting your business interests through intelligent IT security services, consultancy and training The openness and connectivity of the digital economy today provides huge opportunities but also creates

More information

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT

More information

Are You Ready for PCI 3.1?

Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? If your hotel is not PCI compliant, it should be. Every time a customer hands over their credit card, they trust your hotel to keep their information

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

How small and medium-sized enterprises can formulate an information security management system

How small and medium-sized enterprises can formulate an information security management system How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and

More information

Penetration Testing. I.T. Security Specialists. Penetration Testing 1

Penetration Testing. I.T. Security Specialists. Penetration Testing 1 Penetration I.T. Security Specialists ing 1 about us At Caretower, we help businesses to identify vulnerabilities within their security systems and provide an action plan to help prevent security breaches

More information

CYBER SECURITY Audit, Test & Compliance

CYBER SECURITY Audit, Test & Compliance www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit

More information

Procurement Policy Note Use of Cyber Essentials Scheme certification

Procurement Policy Note Use of Cyber Essentials Scheme certification Procurement Policy Note Use of Cyber Essentials Scheme certification Action Note 09/14 25 September 2014 Issue 1. Government is taking steps to further reduce the levels of cyber security risk in its supply

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

The risks borne by one are shared by all: web site compromises

The risks borne by one are shared by all: web site compromises The risks borne by one are shared by all: web site compromises Having your company web site hacked or compromised can be a costly experience for your organisation. There are immediate costs in responding

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Information Security in Business: Issues and Solutions

Information Security in Business: Issues and Solutions Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information

More information

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Cyber/ Network Security. FINEX Global

Cyber/ Network Security. FINEX Global Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

IT Governance: The Directors Cut. What Directors Need to Know

IT Governance: The Directors Cut. What Directors Need to Know IT Governance: The Directors Cut What Directors Need to Know Company directors are responsible for good governance in organisations and, increasingly, this means safeguarding a burgeoning volume of sensitive

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

ACE European Risk Briefing 2012

ACE European Risk Briefing 2012 #5 ACE European Risk Briefing 2012 IT and cyber risk respondent profiles The research was carried out between 13 April and 3 May 2012. The sample comprised 606 European risk managers, CROs, CFOs, COOs

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Penetration Testing. How Government Can Achieve Better Outcomes. Delivered by Murray Goldschmidt, Chief Operating Officer

Penetration Testing. How Government Can Achieve Better Outcomes. Delivered by Murray Goldschmidt, Chief Operating Officer Penetration Testing How Government Can Achieve Better Outcomes Delivered by Murray Goldschmidt, Chief Operating Officer Cyber Security for Government Conference, 25&26 October 2011, Sydney Compliance,

More information

OCIE Technology Controls Program

OCIE Technology Controls Program OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

SECURITY 2.0 LUNCHEON

SECURITY 2.0 LUNCHEON PROTECTING YOUR ORGANIZATION SECURITY 2.0 LUNCHEON AGAINST CYBER THREATS Tommy Montgomery, Principal Consultant Viral Dhimar, Consultant Adam Ferguson, VP October 22, 2014 #SWCEvents Security 2.0: Next

More information

ISO27032 Guidelines for Cyber Security

ISO27032 Guidelines for Cyber Security ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

FEELING VULNERABLE? YOU SHOULD BE.

FEELING VULNERABLE? YOU SHOULD BE. VULNERABILITY ASSESSMENT FEELING VULNERABLE? YOU SHOULD BE. CONTENTS Feeling Vulnerable? You should be 3-4 Summary of Research 5 Did you remember to lock the door? 6 Filling the information vacuum 7 Quantifying

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012 Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data Dave Shackleford February, 2012 Agenda Attacks We ve Seen Advanced Threats what s that mean? A Simple Example What can we

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Roger s Cyber Security and Compliance Mini-Guide

Roger s Cyber Security and Compliance Mini-Guide Roger s Cyber Security and Compliance Mini-Guide A Mini Guide for Small and Medium Business and not for profit organisations. By Roger Smith Managed Service Provider and Cyber Security Coach R & I ICT

More information

Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing Service. By Comsec Information Security Consulting Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Cyber Security Incident Response Program. Dr. Michael C. Redmond, PhD MBCP,FBCI,CEM,PMP,MBA

Cyber Security Incident Response Program. Dr. Michael C. Redmond, PhD MBCP,FBCI,CEM,PMP,MBA Cyber Security Incident Response Program Dr. Michael C. Redmond, PhD MBCP,FBCI,CEM,PMP,MBA World Economic Forum Global Technology Risks for 2015 According to the World Economic Forum s global risk perspectives

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:

More information

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015 Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are

More information

Cyber Security solutions

Cyber Security solutions Cyber Security solutions The scenario IT security has become a highly critical issue for all businesses as a result of the growing pervasiveness and diffusion of ICT technology. Risks can arise both inside

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote

More information

safe and sound processing online card payments securely

safe and sound processing online card payments securely safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information

www.pwc.com Cybersecurity and Privacy Hot Topics 2015

www.pwc.com Cybersecurity and Privacy Hot Topics 2015 www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley Firstly, an apology + + = What shall we discuss What is Cyber Crime? What are the current threats? What is the capability of local and

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

CASSIDIAN CYBERSECURITY

CASSIDIAN CYBERSECURITY CASSIDIAN CYBERSECURITY ADVANCED PERSISTENT THREAT (APT) SERVICE In a world where cyber threats are emerging daily, often from unknown sources, information security is something no organisation can afford

More information

Hope for the best, prepare for the worst:

Hope for the best, prepare for the worst: Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO 2014 a record year for hacking! 100K+ WordPress sites infected by mysterious

More information

Whitepaper. Ten questions that every IT manager should ask. A Buyer s Guide to Hosted Security: www.exponential-e.com

Whitepaper. Ten questions that every IT manager should ask. A Buyer s Guide to Hosted Security: www.exponential-e.com Whitepaper A Buyer s Guide to Hosted Security: Ten questions that every IT manager should ask www.exponential-e.com Introduction to hosted security Information security remains the number one concern of

More information

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

Network Security Audit. Vulnerability Assessment (VA)

Network Security Audit. Vulnerability Assessment (VA) Network Security Audit Vulnerability Assessment (VA) Introduction Vulnerability Assessment is the systematic examination of an information system (IS) or product to determine the adequacy of security measures.

More information

IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary

IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary Copyright Invictis Information Security Ltd. All rights reserved. Invictis Risk Intelligence Service Report Commercial

More information

How to Justify Your Security Assessment Budget

How to Justify Your Security Assessment Budget 2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice

More information

Western Australian Auditor General s Report. Information Systems Audit Report

Western Australian Auditor General s Report. Information Systems Audit Report Western Australian Auditor General s Report Information Systems Audit Report Report 10 June 2012 Auditor General s Overview The Information Systems Audit Report is tabled each year by my Office. It summarises

More information

Trust the Innovator to Simplify Cloud Security

Trust the Innovator to Simplify Cloud Security Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

ENTERPRISE INFORMATION SECURITY

ENTERPRISE INFORMATION SECURITY ANNUAL PLANNING TO OPTIMIZE ENTERPRISE INFORMATION SECURITY 60 Commerce Street, Suite 1100 Montgomery, AL 36104 USA www.icsinc.com T: 877.ICS.INC9 / 334.270.2892 F: 334.270.2896 info@icsinc.com A vital

More information

New-Age Undergraduate Programme

New-Age Undergraduate Programme New-Age Undergraduate Programme B. Tech Cloud Technology & Information Security (4 Year Full Time Programme) Academic Year 2015 Page 1 Course Objective This unique B. Tech course provides dual career options

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

An article on PCI Compliance for the Not-For-Profit Sector

An article on PCI Compliance for the Not-For-Profit Sector Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information