Institute of Internal Auditors (IIA) of Thailand Conference Internal Audit Technology at the Forefront
|
|
- Vincent Stevenson
- 8 years ago
- Views:
Transcription
1 Institute of Internal Auditors (IIA) of Thailand Conference Internal Audit Technology at the Forefront Gary Tan Director Enterprise Risk Services 2 November 2015
2 Agenda 1 Introduction 2 Cybersecurity 3 Big Data 4 Cloud Computing 5 IT Implementation 6 Wrap-up
3 1. Introduction
4 Introduction The New Digital Age Spending on cloud, mobile, analytics, and social technology soars CIO s dual role builder of technology and builder of the business Today s IT organization is increasingly focused on revenue growth, customer experience, and data-based insight. this shift is due to the growing importance of digitization 4
5 Introduction Market and Opportunity in ASEAN 5 ASEAN is poised to be 5th largest economy (USD4.7 trillion) This represent a significant increase adoption of technologies across all types of businesses which mirrors the rapid expansion of high-tech devices and digital technologies Management of Strategic, Operational, Cyber and Technology Risks are acknowledged as important business matters greater role for audit and compliance
6 Introduction (cont d) Given their significance, technology implementations and related security activities can no longer be considered just the purview of the IT function but to broader business, governance and risk activities for the audit committee, board members and management. Key Highlights of IT Spending: 2.4% Global IT spending in % Asia Pacific highest increase in % Thailand s IT spending in 2015 Generally SEA region has seen increased in IT spending but with slower outlook for 2015 China is the new global economy powerhouse SEA region is still growing and emerging Source: Gartner IT Key Metrics Data 6
7 Introduction (cont d) Top Five IT Spending in 2015: Source: Computerworld 7
8 2. Cyber Security
9 Cyber Risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government and regulatory focus Up from 8.1% Global headlines: Up from 3.3% Down from 28.5% Home Depot faced major data breaches; 40 million cardholders info respectively Source: Verizon 2015 Data Breach Investigations Report 9
10 Cyber Risk High on the agenda Recent U.S. Securities and Exchange Commission (SEC) guidance regarding disclosure obligations relating to cybersecurity risks and incidents.. Registrants should address cybersecurity risks and cyber incidents in their Management s Discussion and Analysis of Financial Condition and Results of Operations (MD&A), Risk Factors, Description of Business, Legal Proceedings and Financial Statement Disclosures. SEC Division of Corporate Finance Disclosure Guidance: Topic No. 2 - Cybersecurity Ever-growing concerns about cyber-attacks affecting the nation s critical infrastructure prompted the signing of the Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. The Executive Order highlights the focus on an improved cybersecurity framework and the rapid changes of regulatory agency expectations and oversight 10
11 Case Study 11
12 Cyber Security Headlines Southeast Asia Southeast Asia quietly dealt with its share of cyber attacks. Like the U.S., companies in this region face a complex threat landscape filled with advanced cyber attackers intent on stealing corporate data and state secrets. Note: APT is considered to be an indicator of hacking activity TOP three cyber threats in Thailand for 2015 Online banking malware, malware on mobile devices and attacks on open-source vulnerabilities Southeast Asian companies regularly attract the interest of cyber spies and criminals looking to steal information Government about the region s growing and industry authorities sectors energy, are telecommunications, taking high-tech, transportation, and finance. serious countermeasures to curb these Territorial disputes in the South China Sea drive cyber espionage activity in Southeast Asia. Both government and private industries attacks/breaches are targets of threat actors seeking to steal information in these disputes. Source: Special Report by FireEye 12
13 The Audit Committee s Role in Cyber Security The audit committee s involvement in cybersecurity issues varies significantly by company and industry In some organizations, cybersecurity risk is tasked directly to the audit committee, while in others, there is a separate risk committee. Key questions that AC should keep in mind How do we know what data is leaving the company, and what associated monitoring activities are in place? How are critical infrastructure and regulatory requirements met? What is the overall strategy and plan for protecting assets from cyber attacks? Do we have a cyber incident response plan? Is it up to date and have we practiced it? 13
14 What most organizations are doing Take a business view 1 Senior management accountability Assess your risk and share results with business stakeholders Measure and report. Continuous monitoring Educate on cybersecurity 5 Partner with business, agency, vendors and regulators 4 3 $ Invest 2 in cybersecurity solutions Develop a cybersecurity plan Strategize to address risks and threats 14
15 Deloitte Cybersecurity Framework Certain cybersecurity domains may be partially covered by existing IT audits, however many capabilities have historically not been reviewed by internal audit. 15
16 Deloitte Cybersecurity Framework (cont d) Cybersecurity plans should take into account the past, the present, and the future with regard to cyber risks. Important attributes of an effective cybersecurity plan include the following: Secure: Are controls in place to guard against known and emerging threats? Vigilant: Can we detect malicious or unauthorized activities? Resilient: Can we act and recover quickly to minimize impact? 3 Design Objectives Secure systems and controls Vigilant towards cyber threats Resilient in recovery 16
17 Deloitte s Cyber Security Operations Centre (SOC) Recently launched the Cyber Security Operations Centre (SOC) in two countries Singapore and Malaysia. This centre will provide our clients with security coverage across all times zones, and it is linked into Deloitte Global s Cyber Intelligence Centre (CIC). These centres complements services that Deloitte has been providing globally to combat the increasing complexity and frequency of cybercrimes around the world. 17
18 Closing Thoughts 18
19 3. Big Data Analytics
20 Key Highlights The world of big data is expanding exponentially in both volume and complexity, and continued growth makes each year a virtually new landscape for data management. Fun Facts: The number of mobile devices and wireless connections grew to 7 billion globally in 2013, an increase of $500 million in one year. Enterprises spent more than $30 billion globally on big data hardware, software, and services in 2013/14. Social media advertising increased by 60% between 2011 and 2013 to $6 billion 20
21 Big Data De-Hyped Big data is high-volume, -velocity, and -variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making. Companies are no longer suffering from a lack of data they re suffering from a lack of the right data and face sometimes daunting prospect of efficiently storing and analyzing this diversely sourced data. 21
22 Data Analytics Maturity Roadmap Most internal audit should aim to be here 22
23 Role of Internal Audit Two key questions to keep in mind when considering data analytics: How can we help our clients/stakeholders better compete through data insights which they can act upon? How could we infuse analytics into what we do already? 23
24 Harnessing the Power of Analytics 24
25 Internal Audit Approach Analytics Driven Our internal audit approach allows 100% review of the population size to gain insights on the profile of the transactions as well as the pervasiveness of any audit findings. Aspect Typical Internal Audit Internal Audit with Analytics Understand the Business Understand the Business Work Flow Random Sampling Test Samples Understand the Data Perform Data Analysis Focused sampling Test Sample/s Identify Audit Findings Identify Audit Findings Testing Random sampling 100% analysis and focused sampling Correlating data Audit findings Data correlation from different sources is manuallyintensive, almost impossible Higher possibility of being arbitrary, ambiguous and subjective Ensures data from different sources are correlated and supports conclusion Fact-based and data driven (incontestable) resulting in more insightful recommendations Audit errors Higher risk of human errors Reduces risk of human errors 25
26 Audit Analytics Technologies Productivity / Database Excel / Access SQL Most organizations use a combination of traditional audit and statistical/analytics tools Traditional Audit Data discovery and visualization are deployed as next generation in analytics Data Discovery Many of these tools have desktop and server versions fit and risk considerations need to be assessed Visualization / Self Organizing Maps Majority of these tools are inexpensive and easy to implement and use Self Service Business Intelligence IT support to focus on necessary infrastructure and accelerators such that the IA teams can focus on analytics vs. routine tasks The shift from baseline reporting to data discovery & visualization 26
27 Traditional BI vs. Data Discovery / Visualization New frontier in analytics Old days of data marts and data warehouses are giving way to a new era in which the data flows like a river and must be analyzed as it changes. 27
28 Analytics Technology Overview Vendor comparison was derived from Gartner s Magic Quadrant for Business Intelligence Platforms as well as Deloitte s internal resources and expertise. Tier 1 Tier 2 Category Criteria IBM Microsoft SAP SAS Qlik Tibco Tableau Vendor capabilities Technical capabilities Market and Industry Footprint Range of Business Intelligence Capabilities Scalability and Upgradeability Platform Compatibility Security Analytical Capabilities Performance 1. Vendor and technical capabilities differentiate IBM Cognos, SAP BO, and Microsoft Reporting and Analysis Services when it comes to standard and OLAP reporting. 2. SAS offers robust analytical capabilities with their strength in statistical analysis and predictive modeling. People and training Customer Experience /Visualisation Ease of Use Data Mining Capabilities 3. Qlik Tibco, and Tableau provide an enhanced user experience by providing business users with easy-touse advanced visualisation and data mining capabilities. Capability completely supported Capability mostly supported Some support for capability Limited support for capability 28
29 Internal Audit Leveraging Analytics Understand LTA Business Processes Phased approach to perform Data Analysis Design Audit Integrated with Data Analytics Perform Audit Deliver Results Data Aggregation Analytics Application Process Data Analysis Report Exceptions & Continuous Monitoring Source Systems ETL Ongoing Knowledge Transfer & PMO Communication Integrating traditional internal audit approach with the right data analytic 29
30 Audit Analytics Maturity Model Internal Audit should target to achieve a sustainable data analytics model 30
31 Closing Thoughts Data analytics requires innovative thinking about sourcing data and identifying risks is as much, if not more, about asking the right questions as it is about the mathematical contortions going on behind the scenes can be applied to more aspects of Internal Audit than simply continuous monitoring and look back audits 31
32 4. Cloud Computing
33 What is Cloud? Cloud computing represents a major change in IT sourcing and services delivery. Cloud computing is changing in how businesses purchase, deploy, and support IT services, and many companies now are responding to the new opportunities. Top Five IT Spending in 2015: The cloud services market is expanding 5 times faster than traditional IT spending Cloud services, for instance, still account for less than 10% of the IT services market. Not widely adopted in this region particularly local companies 33
34 Types of Cloud Computing Services 34
35 Key Drivers for Cloud Computing 35
36 Main Drivers vs. Inhibitors of Cloud Computing in the Enterprise Security Remains the Top Concern for adopting Cloud 36
37 Cloud Computing Environment Security and Privacy Risks 37
38 Tackling the Cloud Security Challenge Governance and compliance Privacy and data protection Security incident response Monitoring usage of cloud Monitoring compliance with regulatory requirements Compliance with multijurisdictional data privacy laws Delineating ownership of data across organizational Managing access to appropriate levels of data Implementing data storage and retention policies at the cloud vendor Managing incident investigations in a virtualized environment Limiting incident spill over to multiple cloud tenants Handling complicated troubleshooting due to continuous environment changes Access control Access controls for cloud management interfaces Access controls for segregation of duties Due diligence prior to assignment of access privileges Vulnerability management Vendor management Managing virtualization induced vulnerabilities Ensuring timely security patches Adequate vulnerability testing of cloud components Obtaining assurance on cloud vendor s solution Monitoring vendor s performance Building in cloud portability and interoperability 38
39 Security Standards for Cloud Computing ISO/IEC provide guidance on the information security elements of cloud computing, recommending and assisting with the implementation of cloudspecific information security controls for both Cloud Service Providers and Cloud Service Customers. Multi-Tier Cloud Security Standards that covers multiple tiers and can be applied by Cloud Service Providers (CSPs) to meet differing cloud user needs for data sensitivity and business criticality. This standard seeks to assist in driving cloud adoption across industries by giving clarity around the security service levels of cloud providers, while also increasing the level of accountability and transparency from these companies. 39
40 Closing Thoughts Business will continue to innovative to use of cloud computing Assess the risk implication on the services when moving to cloud Assess the control gap of the cloud service provider and determine the residual risk exposure can be mitigated ensure they meet your company s standards Clarity in the roles and responsibility between the cloud user and cloud service provider Ultimately, you can outsource responsibility but you can t outsource accountability. 40
41 5. IT Implementation
42 Introduction IT implementations generally affect the entire organization organizational, process and technology changes More than 90% of implementation projects completed late or over budget, or both Common audit risk includes controls gaps, security and access rights issues and data conversion/migration. Growing IT Implementation Trends in 2015: Hybrid cloud goes mainstream Subscription based enterprise software Mobile technology In-memory computing for ERP Deeper ERP integration / upgrade Open source continues to grow Auditing standards place specific requirements on the auditor to understand how a Client has responded to risks arising from their major IT implementations by obtaining an understanding of control activities. 42
43 Top IT Implementation Audit Consideration Scope your audit correctly Impact of new system functionality Security, sensitive access & segregation of duties User acceptance testing Data conversion/migration Reports Key control impact assessment Business requirements & design documentation Issues log and defect tracking Project governance & status reporting to support the go-live decision Throughout the IT implementation, internal audit has a vital role in verifying that project controls and best practices are followed.. 43
44 Top IT Implementation Audit Consideration (cont d) Scope your audit correctly No single template selecting the right audit approach to evaluate your company s move to a new system depends on their business objectives and evolving needs. 44
45 Internal Audit Approaches Three Internal Audit Approaches In practice, there are three common approaches to internal audit s involvement in IT implementations: 1. Internal audit is involved in each phase of implementation; 2. Internal audit is involved during or after testing is completed, and before going live; 3. Internal audit is involved only after the system has gone live. Clearly the first approach, as we have described, is the most effective, least risky, and least costly IT Strategy & Planning Business Requirements & Blueprint Risk, Controls, Access, Process and Reports Design Configure & Implement Testing Go Live Approach 1 Approach 2 Approach 3 45
46 Bottom-line Benefits with Internal Audit Involvement Help aligns IT implementation with business goals. Improve security efficiently monitor, remediate and highlight system or business risks to improve decision making and enforcement. Facilitates compliance with laws and regulations, including those relating to corporate governance, internal controls, risk management and privacy. Enable smooth transition and drive adoption through end-user engagement. Involving internal audit at the start and in every phase throughout the project will save significant time and effort as well as reduce the risks inherent in any such project, thus increasing the implementation s chance for success. 46
47 Wrap Up
48 Conclusion Technologies also offer tremendous potential for data analytics, innovation, enhanced business efficiencies and customer and investor engagement when successfully implemented. Audit Committee and Internal Audit need to understand how these new technologies and trends are impacting the company implication of technology innovations to security and privacy, financial reporting processes and the viability of the company s business model. 48
49 Q & A
50 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu L imited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple ind ustries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte s more than 195,000 professionals are committed to becoming the standard of excellence. About Deloitte Southeast Asia Deloitte Southeast Asia Ltd a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Guam, Indonesia, Malaysia, Philippines, Singapore, Thailand and Vietnam was established to deliver measurable value to the particular demands of increasingly intra -regional and fast growing companies and enterprises. Comprising over 250 partners and 5,500 professionals in 22 office locations, the subsidiaries and affiliates of Deloitte Sout heast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities. About Deloitte Singapore In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates Deloitte & Touche Enterprise Risk Services Pte Ltd
Cybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationCisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.
Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able
More informationRisk Considerations for Internal Audit
Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013
More informationW H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s
W H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s IDC Middle East, Africa, and Turkey, Al Thuraya Tower 1, Level 15, Dubai
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More information1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationOn Premise Vs Cloud: Selection Approach & Implementation Strategies
On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile
More informationKey Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationWhere insights lead Cybersecurity and the role of internal audit: An urgent call to action
Where insights lead Cybersecurity and the role of internal audit: An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could
More informationPractical and ethical considerations on the use of cloud computing in accounting
Practical and ethical considerations on the use of cloud computing in accounting ABSTRACT Katherine Kinkela Iona College Cloud Computing promises cost cutting efficiencies to businesses and specifically
More informationEND-TO-END BANKING SOLUTIONS
END-TO-END BANKING SOLUTIONS AND SERVICES PARTNERING WITH THAKRAL ONE BI AND ANALYTICS MOVING FROM BIG DATA TO REAL DATA Increased pressures from regulatory compliance, rapid global economic changes, and
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationISO27032 Guidelines for Cyber Security
ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationRisk Intelligence Challenge 2015. Going beyond risk in business
Risk Intelligence Challenge 2015 Going beyond risk in business Frequently Asked Questions (FAQ) Frequently asked questions 1. Why join RIC 2015? RIC is a great platform for you to learn, grow and gain
More informationCONSULTING IMAGE PLACEHOLDER
CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization
More informationMaster Data Management Enterprise Architecture IT Strategy and Governance
? Master Data Management Enterprise Architecture IT Strategy and Governance Intertwining three strategic fields of Information Technology, We help you Get the best out of IT Master Data Management MDM
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationA TECHNICAL WHITE PAPER ATTUNITY VISIBILITY
A TECHNICAL WHITE PAPER ATTUNITY VISIBILITY Analytics for Enterprise Data Warehouse Management and Optimization Executive Summary Successful enterprise data management is an important initiative for growing
More informationSingapore s Tax Appeal for Funds and Fund Managers
Singapore s Tax Appeal for s and Managers Tax incentives for funds and fund managers in Singapore Singapore is a key location for fund managers of private equity, real estate and hedge funds to be based
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationArmanino McKenna LLP Welcomes You To Today s Webinar:
Armanino McKenna LLP Welcomes You To Today s Webinar: Business Intelligence Are You Data Rich & Information Poor? The presentation will begin in a few moments About the Presenter(s) John Horner, Director
More informationMarch 2015. Internal audit insights High impact areas of focus
March 2015 Internal audit insights High impact areas of focus Introduction Internal audit is widely, if not universally, viewed as a key pillar in effective governance with expectations of internal audit
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationHP and netforensics Security Information Management solutions. Business blueprint
HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization
More informationBladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture
BladeLogic Software-as-a- Service (SaaS) Solution Help reduce operating cost, improve security compliance, strengthen cybersecurity posture February 20, 2014 Contents The Configuration Security Compliance
More informationBest Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP
Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationSAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT
SAM Benefits Overview SAM SAM is critical to managing an IT environment because effectiveness is seriously compromised when an organization doesn t know what software assets it has, where they are located,
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationCloud Data Security. Sol Cates CSO @solcates scates@vormetric.com
Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More information5 TIPS FOR MAXIMIZING THE VALUE OF YOUR SECURITY ASSESSMENT
5 5 TIPS FOR MAXIMIZING THE VALUE OF YOUR SECURITY ASSESSMENT 1 Anatomy of a Security Assessment With data breaches making regular headlines, it s easy to understand why information security is critical.
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationEND TO END DATA CENTRE SOLUTIONS COMPANY PROFILE
END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE About M 2 TD M2 TD is a wholly black Owned IT Consulting Business. M 2 TD is a provider of data center consulting and managed services. In a rapidly changing
More informationWhitepaper: 7 Steps to Developing a Cloud Security Plan
Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationThe Big Deal With Big Data: New Security Tools Are Needed
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com The Big Deal With Big Data: New Security Tools Are
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationApplying IBM Security solutions to the NIST Cybersecurity Framework
IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationDeloitte Cyber Risk Services Providing trust in a digital world
Deloitte Cyber Risk Services Providing trust in a digital world June 2015 Deloitte Cyber Risk Services Providing trust in a digital world Our aim Your organization, whether functioning in the public or
More informationData Center Consolidation in the Federal Government Looking beyond the technology
Data Center Consolidation in the Federal Government Looking beyond the technology Overview The reported number of Federal data centers grew from 432 in 1998 to 2,094 in 2010 1, an increase that is costly,
More informationCloud Security: The Grand Challenge
Dr. Paul Ashley IBM Software Group pashley@au1.ibm.com Cloud Security: The Grand Challenge Outline Cloud computing: the pros, the cons, the blind spots Security in the cloud - what are the risks now and
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationThe enemies ashore Vulnerabilities & hackers: A relationship that works
The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively
More informationMoving Forward with IT Governance and COBIT
Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around
More informationAsia Pacific. Tax Management Consulting Why and What?
Asia Pacific Tax Management Consulting Why and What? In an increasingly demanding and global environment, managing tax is becoming more complex. The world s leading tax departments integrate business strategy
More informationPersonal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach
Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Don MacPherson January 2012 Discussion Items 1. Threats and risks to personal information
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationCloud Services for Microsoft
The success of your business depends on your ability to adapt to a dynamic market environment, where globalisation and economic pressures are reshaping the landscape. To remain competitive, your organisation
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationBRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper
BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationCybersecurity: The changing role of audit committee and internal audit
Cybersecurity: The changing role of audit committee and internal audit Contents 1. Introduction 3 2. What is the role of Internal Audit and the Audit committee? 4 2.1 Three Lines of Defence Model 4 2.2
More informationSeamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.
Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues
More informationCyber-Security: Proactively managing the cyber threat landscape
Cyber-Security: Proactively managing the cyber threat landscape Agenda Understanding the cyber threat landscape Building a resilient Cyber Risk capability An Internal Audit approach Closing thoughts Understanding
More informationHow To Protect Your It Infrastructure
Proactive Real-Time Monitoring and Risk Management Managed Security Services NCS Group Offices Australia Bahrain Brunei China Dubai Hong Kong SAR Korea Malaysia Philippines Singapore Sri Lanka Understanding
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationQlikView Business Discovery Platform. Algol Consulting Srl
QlikView Business Discovery Platform Algol Consulting Srl Business Discovery Applications Application vs. Platform Application Designed to help people perform an activity Platform Provides infrastructure
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationSoftwareAsset Management (SAM)
SoftwareAsset Management (SAM) Seminar Jan Corstens Agenda Introduction Software Asset Management Industry Standards SAM Technologies Software Asset Management: The Deloitte Offering The Deloitte Managed
More informationMobile multiplies Global Mobile Consumer Survey Infographics, Southeast Asia edition
Mobile multiplies Global Mobile Consumer Survey Infographics, Southeast Asia edition ADD TO CART Bank $ Total debit Total credit Contents 3 Introduction 4 The ubiquitous device 6 4G: The new normal 8 Instant
More informationHow To Design A Cloud Based Infrastructure For Spera
SAP Cloud Infrastructure Services Guiding you through your cloud journey Leveraging the cloud for your SAP environment offers an opportunity to fundamentally transform how your organization operates. If
More informationBI Market Dynamics and Future Directions
Inaugural Keynote Address Business Intelligence Conference Nov 19, 2011, New Delhi BI Market Dynamics and Future Directions Shashikant Brahmankar Head Business Intelligence & Analytics, HCL Content Evolution
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationBrochure. Update your Windows. HP Technology Services for Microsoft Windows 2003 End of Support (EOS) and Microsoft Migrations
Brochure Update your Windows HP Technology Services for Microsoft End of Support (EOS) and Microsoft Migrations Stabilize and secure your infrastructure Microsoft will end support for Windows Server 2003/R2
More informationAccenture Human Capital Management Solutions. Transforming people and process to achieve high performance
Accenture Human Capital Management Solutions Transforming people and process to achieve high performance The sophistication of our products and services requires the expertise of a special and talented
More information