Managing Cyber Attacks
Regulators and Industry Participants Discuss Ways to Strengthen Defenses

By Joanne Morrison
June 25, 2015

Cybersecurity risks and testing are a major concern of regulators and market participants. Experts at a Commodity Futures Trading Commission roundtable discuss the testing underway as well as practices to recover from cyber attacks.

[Photo: CFTC staff spend the day hearing experts discuss cybersecurity challenges.]

The risk of cybersecurity attacks is the single highest concern among financial regulators and top global exchange and clearinghouse leaders. They all agree it is not just a risk, but inevitable that there will be an attack. What lies ahead are challenges in how to best protect key market infrastructure from attacks and recover operations and data after attacks.

While the listed and cleared derivatives industry has taken steps for many years to test and prepare for disaster recovery and business continuity, such as after the Sept. 11 attacks, cybersecurity poses new challenges.

First and foremost, those involved in the attacks are sophisticated and hard to detect. A system can be penetrated unnoticed through simple software updates, attachments and simple downloads. In addition, the risk is greater as markets and participants become more linked electronically. Finally, what is most concerning to industry leaders is that cyber attacks are increasingly seen as a new form of terror attack, where critical systems are penetrated for the purpose of severely disrupting or destroying them rather than just stealing information.

"Five, ten years ago this conversation was largely about the digital equivalent of graffiti, the defacement of websites and other things like that. But now clearly you have actors that are not only willing to steal and commit fraud, but who are actually willing to carry out destructive attacks, like what we saw with the attack on Sony Pictures Entertainment," said Michael Daniel, special assistant to the president and White House security coordinator, at a March 18 staff roundtable of the Commodity Futures Trading Commission.

CFTC Chairman Tim Massad agrees. At nearly every public speaking engagement over the past several months, including appearances before Congress, Massad has identified cybersecurity as the biggest threat facing markets.

"These threats, as we now know today, don't just come from people motivated by profit. They come from people looking to disrupt the system," Massad warned Senate lawmakers at an appropriations hearing in May.

Global exchange leaders all have put cybersecurity at the top of their list of concerns. It is not an issue that their technology departments handle alone, they said, but rather a matter for boards and top executives. Exchange leaders identified cybersecurity as a bigger concern than other issues.

For example, Jeff Sprecher, the chief executive of Intercontinental Exchange, said ICE's risk committee spends more time on cybersecurity threats than it does on clearinghouse risk and market risk.

"It has really changed the dynamics of my company. My board has reorganized now so that our info tech team reports into the board through a dotted line," Sprecher said in March during FIA's annual International Futures Industry Conference in Boca Raton, Fla.

Sprecher went on to explain that ICE has begun testing its own employees, noting that oftentimes cyber attacks start with breakdowns within the organization.

"The keys to your company walk out the door every night," he said, adding that enforcing a strict use of passwords, rather than a single password, is one good approach.

Information Sharing Key

What is clear in a market system that is all about competition is that combating cybersecurity risks is about sharing and cooperation. It is an issue on which exchanges, clearinghouses, regulators and industry participants are working together and exchanging information to better prepare against attacks and devise systems to recover data and operations after an attack.

"This is an area where the exchange community has no competitive area among themselves," said Andreas Preuss, CEO of Eurex. "If we are not collectively getting this under control, we collectively can cause big systemic risks."

Cooperation Network

In 1999 the U.S. Treasury Department spearheaded the formation of the Financial Services Information Sharing and Analysis Center. This private sector organization has become the financial industry's go-to resource for cyber threats. FS-ISAC is unique because it was created by and for members and operates as a member-owned nonprofit entity. Membership is comprised of global banks, dealers, finance companies, hedge funds and others. It has been a critical tool in protecting banks and financial institutions.

In the central repository at FS-ISAC, details about attacks are shared among participants, alerting them to potential system weaknesses and potential computer viruses and malware designed to attack systems. All information provided to FS-ISAC is cleansed of identifying features to protect the companies that share attack details.

[Photo: Greg Gist, a director in CitiGroup's office of emergency management, discusses the many facets of testing.]

This network of cooperation is even more critical as financial systems become more and more linked.

"We see a lot of firms being more interested in doing this, because protecting the system as a whole is now much more important than just protecting my system by itself because of the way risk can be transferred through," said Brian Peretti, director of the Office of Critical Infrastructure Protection and Compliance Policy at the Treasury Department. He also heads the Financial and Banking Information Infrastructure Committee, a group comprised of 18 financial regulators including the CFTC, the Securities and Exchange Commission, and the Federal Reserve, that meets monthly to discuss cyber attacks.

In addition, the race for speed and access has also added to cybersecurity risks.

"We went as an industry from analog to digital and there was an arms race of speed going to computers and all of us here were trying to have the fastest processor and the lowest latency network," explained ICE's Sprecher in March.

"We as exchanges opened our doors and let a thousand flowers bloom so that everybody could connect to us. That attitude is going to change," said Sprecher, adding that the exchange is going to have to be more restrictive about what comes in on the network and how access is enabled. He suggested broader use of encryption, for example.

Top Concern of Regulators

The CFTC has responded in a number of ways to the growing threat of cybersecurity. For example, the CFTC's core principles include provisions requiring clearinghouses and exchanges to maintain system safeguards and risk management programs, systems to notify regulators of incidents, and formal recovery procedures in place.

And while the CFTC has made this a priority in its examinations, the agency is not adequately funded to test systems itself, Massad has warned lawmakers.

Repeatedly, Massad has said the responsibility for cybersecurity safety rests primarily with private institutions. As a government agency, the CFTC can set standards, he said, but it is the private institutions that run critical financial infrastructure that just carry out all of the comprehensive analysis and system work that is required.

What the CFTC has done, however, is made sure that exchanges and clearinghouses themselves have adequate testing and have followed best practices with independent testers, where appropriate, to do things like controls, testing, penetration testing and vulnerability testing, Massad said.

"We have incorporated cyber concerns into our examinations. Typically in our examinations what we're looking for is the board of directors and top management setting the right tone with respect to these issues," Massad told a Senate panel at an appropriations hearing in May, adding that not only must policies be in place, but also top management must ensure policy is being enforced.

CFTC officials have also indicated they are working on a release directed at critical market infrastructure entities that will build on the existing core principles. There are currently business continuity management best practices in the core principles in the Commodity Exchange Act and the Dodd-Frank Act that govern CFTC-regulated exchanges, trading systems and clearinghouses.

At the March roundtable, staff discussed with participants whether expanding on the principles or drafting new rules involving cybersecurity testing should be proposed. Staff also were focused on how the CFTC might audit for compliance and whether participants could estimate the costs associated with any new requirements.

A Global Concern

Massad also highlighted that combating cybersecurity must continue to be a joint effort not only with the industry but also among regulators, both in the U.S. and globally.

"We're never going to be able to do all this by ourselves. It's important that we work with other regulators," he said. "We simply cannot address this risk with the budget that we have and these threats."

In that vein, in 2013, the Bank of England began taking an active interest in state-driven terror cyber attacks, moving away from cybercrime, e-fraud and other long-established patterns in the online cyber crime world.

After consulting with the financial services industry and others, the central bank established a framework for testing called CBEST. It differs from other security testing undertaken by the financial services sector because it is threat intelligence-based, meaning that it is based on actual cyber threat intelligence in addition to simulated scenarios.

A CBEST test involves three parties: a regulated entity, a private sector penetration testing company and the Bank of England. In addition, the penetration testing company must be qualified as a member of the CBEST scheme.

David Evans, senior manager for sector and supervisory cyber support at the Bank of England, warned that CBEST is not a panacea to cyber threats.

"You can't expect to do one of these CBEST tests and you will suddenly become cyber secure or cyber-resilient. It's a component," he told panelists at the CFTC roundtables.

"The regulator will have a view of what's critical that that organization does. The organization will have a view of what's critical. And perhaps the Bank of England, independently, is sort of looking at a financial stability angle, and the system as a whole might also have a slightly different perspective," said Evans.

CBEST provides a holistic assessment of a financial service or infrastructure provider's cyber capabilities by testing people, processes and technology in a single test.

"We wanted to come up with a repeatable testing framework that incorporated all of the sort of better practices in terms of a penetration test, but we wanted to also include threat intelligence as a key component of that part," Evans said.

Much of the financial services industry-led testing that was established for business continuity and disaster recovery is now focusing on cybersecurity and considering what additional tests could be beneficial.

FIA's Annual Test

Every fall for the past 11 years, FIA has worked with a broad cross section of market participants, exchanges and clearinghouses to test and prepare for potential market disruptions. Over the years, the group's work has served as a significant tool to help exchanges, clearinghouses and clearing and non-clearing firms prepare and operate during market disruptions.

For example, Superstorm Sandy, which shut down markets on the East Coast, was a true test of the work of this committee.

The 2014 test organized by FIA's Information Technology Division's Business Continuity Committee was conducted last October and focused on disaster recovery back-up connectivity and functionality between exchanges, clearinghouses and member firms. The test was successfully conducted among 24 domestic and international futures exchanges, clearinghouses and swap execution facilities as well as 62 clearing/non-clearing firms.

The test, which will include more of a focus on cybersecurity risks, will take place again in the fall of 2015 and again it will be coordinated with the Securities Industry and Financial Markets Association, as there are member firms that are joint FIA/SIFMA members.

[Photo: David Evans discusses the work the Bank of England has done with financial firms to test for cyber threats.]

John Rapa, president and chief executive officer of Tellefsen and Co, helped manage the testing for FIA and spoke at the CFTC roundtable. He highlighted the importance of having a direct line to top executives and others within an organization when it comes to managing and protecting against cyber threats.

[Photo: CFTC Commissioner Christopher Giancarlo and Chairman Tim Massad listen to expert advice on how to manage cyber threats.]

He and others warned that tests have to change, as threats change, and talked about the need for tabletop war room scenario planning exercises with management teams.

"You can't keep doing the same thing over and over again. You've got to mix it up," he said. "When you start to plan these things, you've got to think deviously. We are at war here."

Panel participants were asked whether comprehensive end-to-end enterprise resilience testing is needed. Participants stressed the focus should be on resilience and the ability to resume business. They were concerned about the operational impact of end-to-end testing, which most participants felt could be difficult.

Greg Gist, director of industry relations at Citigroup in its office of emergency management, explained there are many different levels of requirements for testing: the threat environment, which might be tested with internal auditors; testing with a firm's partners; and testing with third-party suppliers. He noted that the number of tests firms now experience is eating up the green zone of time and firms have very scarce resources.

David Garland, director of business continuity management at CME, suggested there should be smaller disaster recovery unit testing, which are more ongoing and could ultimately reduce spending on larger industry-wide testing. He too stressed the importance of tabletop tests in addition to actual fail-over tests.

ORGANIZATIONS WORKING ON CYBERSECURITY

OCIP: Office of Critical Infrastructure Protection and Compliance Policy. The U.S. Treasury Department established this office after the September 11 attacks. Its role is to coordinate the department's development and implementation of policies related to protecting critical infrastructure of the financial services sector.

FBIIC: Financial and Banking Information Infrastructure Committee. This group is made of 18 U.S. financial regulators including the Commodity Futures Trading Commission, the Securities and Exchange Commission, the Treasury Department, federal banking regulators and others. This group holds monthly principal-level meetings in the wake of a growing number of cyber attacks.

FSSCC: Financial Services Sector Coordinating Council. This group was formed at the encouragement of the U.S. Treasury Department to strengthen the resiliency of the financial services sector against attacks and other threats to critical infrastructure. It is a private sector group representing financial services providers such as banks, exchanges, insurance companies, clearinghouses and electronic payment systems as well as industry associations such as FIA.

FS-ISAC: Financial Services Information Sharing and Analysis Center. This private sector group was formed in 1999 and is the financial services industry's go-to resource for cyber and physical threat intelligence analysis and sharing. It was created by and for members and operates as a member-owned nonprofit entity.

CBEST: The cyber intelligence network and testing framework launched in 2014 by the Bank of England. The framework gathers information and threat intelligence from various sources and then uses the information for testing scenarios in the financial services sector through qualified testing firms.
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationAccountability for a data breach
Accountability for a data breach /operational-risk-and-regulation/feature/2275384/accountability-for-a-data-breach 17 Jun 2013, Jessica Meek, Operational Risk & Regulation In March 2013 the US Senate Select
More informationTESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE
TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE HOUSE COMMITTEE ON GOVERNMENT REFORM ON THE 9/11 COMMISSION RECOMMENDATIONS ******* August
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationEXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS
EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS Ian Green Manager, Cybercrime & Intelligence Commonwealth Bank of Australia Session ID: GRC T17 Session Classification: ADVANCED WHY? What keeps you
More informationEl Camino College Homeland Security Spring 2016 Courses
El Camino College Homeland Security Spring 2016 Courses With over 250,000 federal positions in Homeland Security and associated divisions, students may find good career opportunities in this field. Explore
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationTestimony of John W. Carlson on behalf of the. The Financial Services Information Sharing & Analysis Center (FS-ISAC)
Testimony of John W. Carlson on behalf of the The Financial Services Information Sharing & Analysis Center (FS-ISAC) Before the U.S. House of Representatives Committee on Financial Services June 24, 2015
More informationTestimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology
Testimony of Wm. Douglas Johnson On behalf of the American Bankers Association before the Subcommittee on Information Technology of the Committee on Oversight and Government Reform United States House
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More information2015 A CyberSecurity Year. Robert Annett @robert_annett
2015 A CyberSecurity Year Robert Annett @robert_annett Why was 2015 special? http://www.informationisbeautiful.net/ visualizations/worlds-biggest-data-breaches-hacks/ Source: http://www.bloomberg.com/graphics/2014-data-breaches/
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationCritical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION
Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationHacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows
Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationCYBERSECURITY: Is Your Business Ready?
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationGuidance on data security breach management
Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationOn the European experience in critical infrastructure protection
DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationExecutive Cyber Security Training. One Day Training Course
Executive Cyber Security Training One Day Training Course INTRODUCING EXECUTIVE CYBER SECURITY TRAINING So what is all this we hear in the media about cyber threats? How can an organization understand
More informationCybersecurity and the Romanian business environment in the regional and European context
KPMG Legal Cybersecurity and the Romanian business environment in the regional and European context Developing a cybersecurity culture for the users of digital and communications systems has become a mandatory
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More information2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP
2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.
More informationTESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the
For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,
More informationMachine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
More informationGlobal IT Security Risks: 2012
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY
More informationSMALL BUSINESS REPUTATION & THE CYBER RISK
SMALL BUSINESS REPUTATION & THE CYBER RISK Executive summary In the past few years there has been a rapid expansion in the development and adoption of new communications technologies which continue to
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationThe Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.
The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationWRITTEN TESTIMONY OF JOHN A
WRITTEN TESTIMONY OF JOHN A. KOSKINEN COMMISSIONER INTERNAL REVENUE SERVICE BEFORE THE SENATE FINANCE COMMITTEE ON UNAUTHORIZED ATTEMPTS TO ACCESS TAXPAYER DATA JUNE 2, 2015 Chairman Hatch, Ranking Member
More information