Cyber-Security: Proactively managing the cyber threat landscape
- Diane Patterson
- 8 years ago
Slide 1: Cyber-Security: Proactively managing the cyber threat landscape

Slide 2: Agenda
- Understanding the cyber threat landscape
- Building a resilient Cyber Risk capability
- An Internal Audit approach
- Closing thoughts

Slide 3: Understanding the cyber threat landscape
Slide 4: The evolving threat landscape

Recent headlines:
- "Lilly scientists stole $55 million in trade secrets" (Indianapolis Business Journal, October 8, 2013)
- "Last year, over 800 million records were breached globally, up from 250 million in 2012" (The Economist, July 2014)
- "Target missed signs of a data breach (40 million credit card numbers compromised)" (NY Times, March 13, 2014)
- "On a scale of 1 to 10, American preparedness for a large-scale cyber attack is around a 3" (NY Times, July 2012)

Why?
- Changing regulatory environment: regulatory changes continue to absorb resources and attention.
- Corporate change and innovation: technology innovations that drive business growth also create cyber risk. New technology-enabled business models create new opportunities for malicious actors to exploit and a higher likelihood of accidental vulnerabilities.
- Evolving threat environment: cyber threats are asymmetrical risks. Cyber crime grows in sophistication, and attacks increase in speed and number, while time to respond decreases. Targeted attacks on operations, brand, and competitive advantage are more impactful than ever.
Slide 5: Cyber risk: High on the agenda

Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government and regulatory focus.
- Recent U.S. Securities and Exchange Commission (SEC) guidance regarding disclosure obligations relating to cybersecurity risks and incidents: "Registrants should address cybersecurity risks and cyber incidents in their Management's Discussion and Analysis of Financial Condition and Results of Operations (MD&A), Risk Factors, Description of Business, Legal Proceedings and Financial Statement Disclosures." (SEC Division of Corporate Finance, Disclosure Guidance: Topic No. 2, Cybersecurity)
- Ever-growing concerns about cyber-attacks affecting the nation's critical infrastructure prompted the signing of Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. The Executive Order highlights the focus on an improved cybersecurity framework and the rapid changes in regulatory agency expectations and oversight.
- One of the foundational drivers behind the update and release of the 2013 COSO Framework was the need to address how organizations use and rely on evolving technology for internal control purposes.
Slide 6: Cyber risk (cont'd): Roles and responsibilities

Effective risk management is the product of multiple layers of risk defense. Internal Audit should support the board's need to understand the effectiveness of cybersecurity controls.

1st line of defense: business and IT functions
- Incorporate risk-informed decision making into day-to-day operations and fully integrate risk management into operational processes
- Define risk appetite and escalate risks outside of tolerance
- Mitigate risks, as appropriate

2nd line of defense: information and technology risk management function
- Establish governance and oversight
- Set risk baselines, policies, and standards
- Implement tools and processes
- Monitor and call for action, as appropriate
- Provide oversight, consultation, checks and balances, and enterprise-level policies and standards

3rd line of defense: internal audit
- Independently review program effectiveness
- Provide confirmation to the board on risk management effectiveness
- Meet requirements of SEC disclosure obligations focused on cybersecurity risks

Given recent high-profile cyber attacks and data losses, and the SEC's and other regulators' expectations, it is critical for Internal Audit to understand cyber risks and be prepared to address the questions and concerns expressed by the audit committee and the board.
Slide 7: What are we seeing?
1. The attack vector is shifting from technology to people.
2. Attack patterns increasingly look like normal behavior: threats are hiding in plain sight. Some threats are adaptive and can go dormant, making them difficult to detect.
3. Criminals, state actors and even hacktivists are building better intelligence and capability, and have a wider network of resources than organizations (i.e., a widening capability gap).
4. Supply chain and business partner poisoning, and lateral entry through them, are on the rise.
5. The "calling cards" of advanced threat adversaries defy traditional signature-based approaches.
Slide 8: Incident patterns

Most incidents can be described by just nine basic patterns:
- Card skimmers
- Cyber-espionage
- Physical theft/loss
- Point-of-sale intrusions
- Miscellaneous errors
- Web application attacks
- Insider misuse
- Crimeware
- Denial of service attacks
- Everything else

Within a given industry, most incidents can be described by just three of the nine patterns.
Slide 9: It starts by understanding your organizational risk appetite

Who might attack?
- Cyber criminals
- Hacktivists (agenda driven)
- Nation states
- Malicious insiders
- Rogue suppliers
- Competitors
- Skilled individual hackers

What are they after, and what key business risks must we mitigate?
- Sensitive data
- Financial fraud (e.g., wire transfer, payments)
- Business disruption (building systems, etc.)
- Threats to health and safety

What tactics might they use?
- Spear phishing, drive-by download, etc.
- Software or hardware vulnerabilities
- Third-party compromise
- Stolen credentials
- Control systems compromise

Ultimately, cyber is about brand and reputation with your tenants and investors.
Slide 10: What is the actual threat?
- Cyber crime: Who did it?
- Espionage: What did they see and take?
- Warfare: When do we fight back?
- Terrorism: Why did they do it?
- Security: How do we prevent it (again)?
Slide 11: New technologies, new threats

The attack lifecycle against your business (strategic assets, financial assets, data and intelligence), stage by stage, with what the attacker does and how:
- Reconnaissance: gain intelligence and identify vulnerabilities. How: research the internet, call call-centers, trawl social media, etc.
- Attack: target the identified vulnerabilities. How: targeted attacks, unsuspecting downloads from malicious or compromised websites, exploitation of application or infrastructure software vulnerabilities, etc.
- Exploit: gain broad, deep access. How: escalate privileges, gain increased access, observe or control the network or servers, increase the sophistication of attacks, hide tracks, etc.
- Fulfill objective: steal, damage or disrupt. How: encrypt and then exfiltrate the data being stolen, stay hidden for long periods of time, erase the digital footprint.
Slide 12: Speed of attack is accelerating
- Initial attack to initial compromise takes place within minutes in 72% of cases (almost 3 of 4).
- Data leaks occur within minutes in 46% of cases (nearly half).
- Discovery takes weeks or longer in 72% of cases.
- Containment (post-discovery) requires weeks or longer in 59% of cases.

Time is of the essence.
Slide 13: Case study: JP Morgan Chase & Co.

Victim timeline markers: Mid-June; Mid-August; Aug 27; Aug 28; Sept 11; Oct 2; Jan 08.

Victim events:
- News agencies report that the FBI is investigating the bank
- JP maintains the statement that it isn't seeing any unusual fraud activity
- JP reports to the US SEC and reveals details of the cyberattack
- State attorneys seek information from JP about the breach
- JP learns of the attack and closes all network access paths
- JP says it isn't seeing unusual fraud

Attacker timeline: attackers gain access to JP servers and steal personal information.
Slide 14: Building a resilient Cyber Risk capability

Slide 15: Build a resilient cyber security organization

This means having the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of the incidents.
- Secure: Are controls in place to guard against known and emerging threats?
- Vigilant: Can we detect malicious or unauthorized activity, including the unknown?
- Resilient: Can we act and recover quickly to minimize impact?

Supporting capabilities: cyber governance; cyber threat intelligence; cyber threat mitigation; cyber incident response.
Slide 16: Changes in threat landscape versus capability

Detection capability categories:
- Cat A: SIEM (near real time analysis); signature based (e.g., correlation); System 1 learning
- Cat B: Behavioral analysis and machine learning (mid term analysis); behavioral analysis and machine learning model; System 2 learning
- Cat C: Cyber analytics (long term analysis); risk analytics (including BDSA)

Threat evolution, conventional warfare compared with cyber warfare:
- Conventional (conventional warfare, symmetric vectors) corresponds to infrastructure threats (retail threats, open toolkits, general botnets, distributed denial of service)
- Guerilla (hide among civilians, i.e. hide in plain sight) corresponds to targeted attacks (hide within business traffic)
- Espionage (seek, analyze and exfiltrate) corresponds to cyber-espionage (seek, analyze and exfiltrate)

The slide rates each capability category against each threat type as effective, marginally effective or ineffective.
Slide 17: Building your defenses: options
- Insource
- Outsource
- Co-source

Slide 18: Operating model: benefits and challenges

Insource:
- Industry and business alignment
- Level one monitoring and management
- Maintain and enhance existing use cases
- Limited threat intelligence gathering
- Resourcing required to operate three shifts
- Hardware, build, run and maintain costs
- Capex

Outsource:
- Industry and risk profile alignment
- Level one, two and three monitoring and management
- Alignment of use cases to the evolving threat landscape
- Proactive cyber threat intelligence
- Round-the-clock monitoring, management and incident response
- Cloud based service, utility based costing
- Opex

Co-source:
- Business, industry and risk profile alignment
- Level one, two and three monitoring and management
- Alignment of use cases to the evolving threat landscape
- Proactive cyber threat intelligence
- Round-the-clock monitoring, management and incident response
- Hardware, build, run and maintain costs
- Capex and Opex
Slide 19: An internal audit approach

Slide 20: Cyber risk: Deloitte cybersecurity framework*

An assessment of the organization's cybersecurity should evaluate specific capabilities across multiple domains.

Secure
- Cybersecurity risk and compliance management: compliance monitoring; issue and corrective action planning; regulatory and exam management; risk and compliance assessment and management; integrated requirements and control framework
- Third-party management: evaluation and selection; contract and service initiation; ongoing monitoring; service termination
- Secure development life cycle: secure build and testing; secure coding guidelines; application role design/access; security design/architecture; security/risk requirements
- Information and asset management: information and asset classification and inventory; information records management; physical and environment security controls; physical media handling
- Security program and talent management: security direction and strategy; security budget and finance management; policy and standards management; exception management; talent strategy
- Identity and access management: account provisioning; privileged user management; access certification; access management and governance

Vigilant
- Threat and vulnerability management: incident response and forensics; application security testing; threat modeling and intelligence; security event monitoring and logging; penetration testing; vulnerability management
- Data management and protection: data classification and inventory; breach notification and management; data loss prevention; data security strategy; data encryption and obfuscation; records and mobile device management
- Risk analytics: information gathering and analysis around user, account and entity; events/incidents; fraud and anti-money laundering; operational loss

Resilient
- Crisis management and resiliency: recovery strategy, plans and procedures; testing and exercising; business impact analysis; business continuity planning; disaster recovery planning
- Security operations: change management; configuration management; network defense; security operations management; security architecture
- Security awareness and training: security training; security awareness; third-party responsibilities

* The Deloitte cybersecurity framework is aligned with industry standards and maps to NIST, ISO, COSO, and ITIL. As used in this document, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Slide 21: Cyber risk: Deloitte cybersecurity framework* (cont'd)

Certain cybersecurity domains may be partially covered by existing IT audits; however, many capabilities have historically not been reviewed by internal audit. Overlaid on the same framework domains as the previous slide, the existing audit coverage shown is:
- SOX (financially relevant systems only)
- Penetration and vulnerability testing
- BCP/DRP testing

* The Deloitte cybersecurity framework is aligned with industry standards and maps to NIST, ISO, COSO, and ITIL.
Slide 22: Cyber risk: Assessment approach

An internal audit assessment of cybersecurity should cover all domains and relevant capabilities, and involve subject matter specialists when appropriate.

Phase I: Planning and scoping
- Activities: identify specific internal and external stakeholders (IT, Compliance, Legal, Risk, etc.); understand the organization's mission and objectives; identify industry requirements and the regulatory landscape; perform industry and sector risk profiling (i.e., review industry reports, news, trends, risk vectors); identify in-scope systems and assets; identify vendors and third-party involvement
- Deliverables: assessment objectives and scope; capability assessment scorecard framework

Phase II: Understand current state
- Activities: conduct interviews and workshops to understand the current profile; perform walkthroughs of in-scope systems and processes to understand existing controls; understand the use of third parties, including reviews of applicable reports; review relevant policies and procedures, including the security environment, strategic plans, and governance for both internal and external stakeholders; review self-assessments; review prior audits
- Deliverable: understanding of the environment and current state

Phase III: Risk assessment
- Activities: document the list of potential risks across all in-scope capabilities; collaborate with subject matter specialists and management to stratify emerging risks and document potential impact; evaluate likelihood and impact of risks; prioritize risks based upon the organization's objectives, capabilities, and risk appetite; review and validate the risk assessment results with management and identify criticality
- Deliverables: prioritized risk ranking; capability assessment findings

Phase IV: Gap assessment and recommendations
- Activities: document capability assessment results and develop the assessment scorecard; review assessment results with specific stakeholders; identify gaps and evaluate potential severity; map to maturity analysis; document recommendations; develop a multiyear cybersecurity/IT audit plan
- Deliverables: maturity analysis; assessment scorecard; remediation recommendations; cybersecurity audit plan
Slide 23: Cyber risk: Assessment maturity analysis

Maintaining and enhancing security capabilities can help mitigate cyber threats and help the organization arrive at its desired level of maturity. The current state of each domain is plotted against CMMI maturity*.

Cybersecurity domains assessed:
- Secure: cybersecurity risk and compliance management; third-party management; secure development life cycle; information and asset management; security program and talent management; identity and access management
- Vigilant: threat and vulnerability management; data management and protection; risk analytics
- Resilient: crisis management and resiliency; security operations; security awareness and training

Maturity stages:
- Stage 1, Initial: recognized the issue; ad-hoc/case by case; partially achieved goals; no training, communication, or standardization
- Stage 2, Managed: process is managed; responsibility defined; defined procedures with deviations; process reviews
- Stage 3, Defined: defined process; communicated procedures; performance data collected; integrated with other processes; compliance oversight
- Stage 4, Predictable: defined quantitative performance thresholds and control limits; constant improvement; automation and tools implemented; managed to business objectives
- Stage 5, Optimized: continuously improved; improvement objectives defined; integrated with IT; automated workflow; improvements from new technology

* The industry-recognized Capability Maturity Model Integration (CMMI) can be used as the model for the assessment. Each domain consists of specific capabilities, which are assessed and averaged to calculate an overall domain maturity.
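The roll-up rule on this slide (rate each capability 1 to 5, average per domain, compare with the desired level) is short enough to implement directly. The script below is an added example, not Deloitte's tooling: domain and capability names are taken from the framework slide, while the current-state ratings, the target levels and the round-half-up mapping of an averaged score to a stage name are constructed assumptions for the illustration. It goes one step beyond the slide by ranking domains by their gap to target and naming the weakest capability in each, which is the input the audit-plan slide later needs.

```python
"""Domain maturity roll-up for a cybersecurity capability assessment.

Added illustration, not Deloitte's tool. Each domain's capabilities are
rated on the 1-5 CMMI scale and averaged to an overall domain maturity
(the slide's rule); domains are grouped by the Secure / Vigilant /
Resilient pillars. Ratings and targets below are constructed sample data.
"""
from statistics import mean

STAGES = {1: "Initial", 2: "Managed", 3: "Defined", 4: "Predictable", 5: "Optimized"}

# Framework domains by pillar (names from the framework slide); the
# capability lists are a subset, kept short for the example.
FRAMEWORK = {
    "Secure": {
        "Identity and access management": [
            "Account provisioning", "Privileged user management",
            "Access certification", "Access management and governance"],
        "Third-party management": [
            "Evaluation and selection", "Contract and service initiation",
            "Ongoing monitoring", "Service termination"],
    },
    "Vigilant": {
        "Threat and vulnerability management": [
            "Incident response and forensics", "Security event monitoring and logging",
            "Penetration testing", "Vulnerability management"],
    },
    "Resilient": {
        "Crisis management and resiliency": [
            "Business impact analysis", "Business continuity planning",
            "Disaster recovery planning", "Testing & exercising"],
    },
}

# Constructed current-state ratings (1-5) per capability.
RATINGS = {
    "Account provisioning": 3, "Privileged user management": 2,
    "Access certification": 2, "Access management and governance": 2,
    "Evaluation and selection": 2, "Contract and service initiation": 2,
    "Ongoing monitoring": 1, "Service termination": 2,
    "Incident response and forensics": 3, "Security event monitoring and logging": 3,
    "Penetration testing": 2, "Vulnerability management": 3,
    "Business impact analysis": 4, "Business continuity planning": 4,
    "Disaster recovery planning": 4, "Testing & exercising": 3,
}

# Constructed desired maturity level per domain (set by risk appetite).
TARGETS = {
    "Identity and access management": 4,
    "Third-party management": 3,
    "Threat and vulnerability management": 4,
    "Crisis management and resiliency": 4,
}


def stage_label(score):
    """Map an averaged score to a stage name (assumption: round half up, clamp 1-5)."""
    level = min(5, max(1, int(score + 0.5)))
    return STAGES[level]


def domain_maturity(capabilities, ratings):
    """Average the capability ratings of one domain, rejecting missing or out-of-range values."""
    scores = []
    for cap in capabilities:
        if cap not in ratings:
            raise ValueError(f"capability not rated: {cap}")
        if ratings[cap] not in STAGES:
            raise ValueError(f"rating out of range for {cap}: {ratings[cap]}")
        scores.append(ratings[cap])
    return mean(scores)


def assess(framework=FRAMEWORK, ratings=RATINGS, targets=TARGETS):
    """One row per domain, ordered by largest gap to target, then lowest score."""
    rows = []
    for pillar, domains in framework.items():
        for domain, caps in domains.items():
            score = domain_maturity(caps, ratings)
            weakest = min(caps, key=lambda c: ratings[c])  # first lowest-rated capability
            rows.append({
                "pillar": pillar,
                "domain": domain,
                "score": round(score, 2),
                "stage": stage_label(score),
                "target": targets[domain],
                "gap": round(targets[domain] - score, 2),
                "weakest_capability": weakest,
            })
    rows.sort(key=lambda r: (-r["gap"], r["score"]))
    return rows


def pillar_maturity(rows):
    """Roll domain scores up to the Secure / Vigilant / Resilient pillars."""
    by_pillar = {}
    for r in rows:
        by_pillar.setdefault(r["pillar"], []).append(r["score"])
    return {p: round(mean(s), 2) for p, s in by_pillar.items()}


if __name__ == "__main__":
    rows = assess()
    for r in rows:
        print(f"{r['pillar']:9} {r['domain']:38} {r['score']:.2f} ({r['stage']}) "
              f"target {r['target']} gap {r['gap']:+.2f} weakest: {r['weakest_capability']}")
    print(pillar_maturity(rows))
```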
Slide 24: Cyber risk: Assessment scorecard

A scorecard can support the overall maturity assessment, with detailed cyber risks for people, process, and technology. Findings should be documented and recommendations identified for all gaps. The scorecard covers the same twelve domains as the maturity analysis, rated on the scale 1: Initial, 2: Managed, 3: Defined, 4: Predictable, 5: Optimized.

Example: domain Threat and vulnerability management, capability Penetration testing.

Findings:
- People: The organization has some resources within the ISOC that can conduct penetration testing, but not on a routine basis due to operational constraints and the multiple roles those resources are fulfilling.
- Process: The organization has limited capability to conduct penetration testing in a staged environment or against new and emerging threats.
- Technology: The organization lacks standard tools to perform its own ad-hoc and on-the-spot penetration tests to confirm or support potential vulnerability assessment alerts and/or incident investigation findings.

Recommendations:
- People: The organization may find it of more value and cost benefit to utilize current resources to conduct internal penetration testing on a routine and dedicated basis, since it does have individuals with the necessary skills to perform this duty.
- Process: The organization should expand its penetration testing capability to include more advanced testing and more advanced social engineering, and develop greater control over the frequency of testing.
- Technology: Either through agreement with a third-party vendor or through technology acquisition, develop the technology capability to perform out-of-cycle penetration testing.
Slide 25: Cyber risk: Representative internal audit plan

A cybersecurity assessment can drive a risk-based IT internal audit plan. Audit frequency should correspond to the level of risk identified and to applicable regulatory requirements and expectations. The representative plan spans FY 2015, FY 2016 and FY 2017:
- SOX IT General Computer Controls: every year. Annual requirement, but only covers financially significant systems and applications.
- External Penetration and Vulnerability Testing: every year. Cover a portion of IP addresses each year.
- Internal Vulnerability Testing: one of the three years. Lower risk due to physical access controls.
- Business Continuity Plan/Disaster Recovery Plan: coordinate with annual 1st and 2nd line of defense testing.
- Data Protection and Information Security: lower risk due to
- Third-party Management: one of the three years. Lower risk due to
- Risk Analytics: every year. Annual testing to cycle through risk areas, and continuous monitoring.
- Crisis Management: two of the three years. Cyber war gaming scenario planned.
- Social Media: one of the three years. Social media policy and awareness program.
- Data Loss Protection (DLP): one of the three years. Shared drive scan for SSN/Credit Card #.
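The DLP line in this plan, a shared drive scan for SSN and credit card numbers, is the kind of check an internal audit team can run itself. The script below is an added example and not part of the deck: it walks a directory tree, flags lines that contain a structurally valid SSN (SSA area/group/serial rules) or a Luhn-valid card number, and reports only masked values so the findings report does not itself become a data leak. The file size limit and the sample records it writes to a temporary directory are constructed for the example.

```python
"""Shared-drive discovery scan for SSNs and payment card numbers.

Added example, not from the original deck. Structural checks (SSA number
rules, Luhn checksum) cut the false positives a bare digit pattern would
raise, and every reported value is masked to its last four digits.
"""
import os
import re
import tempfile

# SSN: area 001-899 except 666, group 01-99, serial 0001-9999 (SSA rules).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card number: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
MAX_FILE_BYTES = 20 * 1024 * 1024  # skip very large files (constructed limit)


def luhn_valid(digits):
    """Luhn checksum over a digit string: True for a well-formed card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four digits so findings can be shared safely."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text):
    """Return (line_no, kind, masked_value) for each SSN or card hit in a text block."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            findings.append((line_no, "SSN", mask(m.group())))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append((line_no, "CARD", mask(digits)))
    return findings


def scan_tree(root):
    """Walk a share and return {relative_path: findings} for files that contain hits."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > MAX_FILE_BYTES:
                continue
            with open(path, "rb") as fh:
                text = fh.read().decode("utf-8", errors="ignore")
            hits = scan_text(text)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


if __name__ == "__main__":
    # Constructed sample share: one file with sensitive fields, one without.
    with tempfile.TemporaryDirectory() as share:
        os.makedirs(os.path.join(share, "finance"))
        with open(os.path.join(share, "finance", "customers.csv"), "w") as fh:
            fh.write("Jane Doe,123-45-6789,4111 1111 1111 1111\n")
        with open(os.path.join(share, "readme.txt"), "w") as fh:
            fh.write("Ticket 000-12-3456 phone 555-123-4567\n")
        for path, hits in scan_tree(share).items():
            for line_no, kind, masked in hits:
                print(f"{path}:{line_no}: {kind} {masked}")
```

The `000-` and phone-number lines in the sample are there on purpose: neither is reported, which is the false-positive behaviour a bare `\d{3}-\d{2}-\d{4}` scan would get wrong.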
Slide 26: Closing thoughts

Slide 27: Key considerations
1. Know your crown jewels: not just what you want to protect, but what you need to protect.
2. Know your friends: contractors, vendors and suppliers can be security allies or liabilities.
3. Understand the threat landscape and assess incremental threat scenarios that expose your organization to risk.
4. Assess controls and identify gaps in policies, standards, processes, metrics and reporting, etc.
5. Maintain cyber security as an organizational priority and a standing agenda item in audit committee updates.
6. Apprise the Audit Committee of key risks and enterprise-level risk trends related to cyber security.
7. Make awareness a priority within every internal department and among external partners.
8. Fortify and monitor situational awareness: diligently gather intelligence, then build, maintain and proactively monitor.
9. Prepare for the inevitable: test your incident management process.
Slide 28: For more information

If you would like more information on cyber security or how Deloitte can help your organization, please contact one of the following professionals:
- Nick Galletto, Americas Cyber Risk Leader, Deloitte
- Michael Juergens, Managing Principal, IT Internal Audit, Deloitte

Slide 29: Cyber risk: Deloitte IT internal audit

Leading cybersecurity risk management services. Specifically suited to collaborate with you. The right resources at the right time.

Deloitte has provided IT audit services for the past 30 years and IT audit training to the profession for more than 15 years. Our professionals bring uncommon insights and a differentiated approach to IT auditing, and we are committed to remaining an industry leader. We have distinct advantages through:
- Access to a global team of IA professionals, including IT subject matter specialists in a variety of technologies and risk areas
- A responsive team of cyber risk specialists with wide-ranging capabilities virtually anywhere in the world, prepared to advise as circumstances arise or as business needs change
- A differentiated IT IA approach that has been honed over the years in some of the most demanding environments in the world, with tools and methodologies that help accelerate IT audit
- Access to leading practices and the latest IT thought leadership on audit trends and issues
- Number 1 provider of cyber risk management solutions: the only organization with the breadth, depth, and insight to help complex organizations become secure, vigilant, and resilient
- Cross-industry cyber risk management projects executed in the U.S. alone in 2014
- 11,000 risk management and security professionals globally across the Deloitte Touche Tohmatsu Limited network of member firms

Contributing to the betterment of cyber risk management practices:
- Assisted the National Institute of Standards and Technology in developing their cybersecurity framework in response to the 2013 Executive Order for Improving Critical Infrastructure Cybersecurity
- Third-party observer of the Quantum Dawn 2 Cyber Attack Simulation, conducted by the Securities Industry and Financial Markets Association in July 2013
- Working with government agencies on advanced threat solutions
- Named as a Kennedy Vanguard Leader in cyber security consulting: "[Deloitte] continually develops, tests, and launches methodologies that reflect a deep understanding of clients' cyber security and help the firm set the bar." Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates. 2013 Kennedy Information, LLC. Reproduced under license.
- "Deloitte's ability to execute rated the highest of all the participants." Forrester Research, The Forrester Wave: Information Security Consulting Services, Q1 2013, Ed Ferrara and Andrew Rose, February 1,

Slide 30

Deloitte, one of Canada's leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte LLP and affiliated entities.
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationCybersecurity Issues for Community Banks
Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationAccenture Cyber Security Transformation. October 2015
Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationAn New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com
An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationCONSULTING IMAGE PLACEHOLDER
CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationKey Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationThe Next Generation Security Operations Center
The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationThreat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products
Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment
More informationBusiness Continuity for Cyber Threat
Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between
More information(Instructor-led; 3 Days)
Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationPanel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices
Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers
More informationAfter the Attack. The Transformation of EMC Security Operations
After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat
More informationInformation Security and Risk Management
Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management
More informationAnatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow
Anatomy of a Breach: A case study in how to protect your organization Presented By Greg Sparrow Agenda Background & Threat landscape Breach: A Case Study Incident Response Best Practices Lessons Learned
More informationMike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program
Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat
More informationHow a Company s IT Systems Can Be Breached Despite Strict Security Protocols
How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good
More informationAnswering your cybersecurity questions The need for continued action
www.pwc.com/cybersecurity Answering your cybersecurity questions The need for continued action January 2014 Boards and executives keeping a sustained focus on cybersecurity do more than protect the business:
More informationThe enemies ashore Vulnerabilities & hackers: A relationship that works
The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively
More informationCombatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation
Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationCYBERSECURITY EXAMINATION SWEEP SUMMARY
This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,
More informationCybersecurity..Is your PE Firm Ready? October 30, 2014
Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop Small Agency Threat and Vulnerability Management Policy May 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationEndpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014
Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationMoving Forward with IT Governance and COBIT
Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More information