Global State of Information Security Survey 2015
- Meredith Turner
1 Global State of Information Security Survey 2015
The risks and repercussions of security incidents continue to rise as preparedness falls.
2 Agenda
- Methodology
- Key findings
- Focus on data privacy and further technical controls
- How to increase cyber security
- Conclusion
- Contacts
3 Methodology
4 Methodology
The Global State of Information Security Survey 2015, a worldwide study by, CIO and CSO, was conducted online from 27 March to 25 May
- 17th year conducting the survey, 12th with CIO and CSO magazines
- Includes readers of CIO and CSO and clients of from 154 countries
- More than 9,700 responses from executives including CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security
- More than 40 questions on topics related to privacy and information security safeguards and their alignment with the business
- 38% of respondents from companies with revenue of USD 500 million+
- 35% of respondents from North America, 34% from, 14% from Asia Pacific, 13% from South America, 4% from the Middle East and Africa
- Margin of error less than 1%; numbers may not add to 100% due to rounding
- 130 respondents from
5 Demographics
[Bar charts: respondents by industry sector and by company size]
6 Functions and roles of participants
[Bar charts: "Roles/functions (only the six most relevant roles)" and "Business or IT"]
7 Key findings
8 Today, security compromises are a persistent and globally pervasive business risk
- The US government notifies 3,000 companies that they were attacked and charges nation-backed hackers with economic espionage.
- Compromises of retailers culminate in a recent breach of 56 million credit cards.
- Heartbleed bug results in the loss of 4.5 million healthcare records.
- ShellShock bug just released and might cause damage on web servers.
- Powerful malware infects hundreds of energy companies worldwide.
- More than half of global securities exchanges are hacked.
- Regulators around the world are beginning to more proactively address cyber risks.
9 A steady 66% year-on-year growth since 2009
Taking a longer-term view, our survey data shows that the compound annual growth rate (CAGR) of detected security incidents has increased 66% year-on-year since
10 The bigger the business, the larger the loss
- Among our global survey sample, large organisations (gross annual revenues of USD 1 billion or more) detected 44% more incidents compared with last year.
- Medium-sized organisations (revenues of USD 100 million to USD 1 billion) showed the biggest improvement in their ability to detect incidents, discovering 64% more compromises than last year.
- Small organisations proved the exception in discovering security events: companies with revenues lower than USD 100 million detected 5% fewer incidents this year.
11 The number of security incidents continues to soar
[Bar chart] Callouts shown: 42.8 million; 15% detected more than 500 incidents; 53% detected fewer than 10 incidents.
Q18: How many security incidents were detected in the past 12 months?
12 The financial cost of security incidents is high and rising
As security incidents grow in frequency, the costs of managing and mitigating breaches also are rising. Globally, the annual estimated reported average financial loss attributed to cyber security incidents was USD 2.7 million, a jump of 34% over Not surprising, but certainly attention grabbing, is the finding that big losses are more common: organisations reporting financial hits of USD 20 million or more increased 92% over
13 Monetary losses stretch into the billions of dollars
The estimated global cost of cybercrime detected by respondents this year is more than USD 23 billion. Again, it's important to note this figure represents only detected compromises.
14 Financial losses of security incidents in, only 26 out of 130 answered
[Bar chart] Callout shown: At least 9 million from 26 answers. Categories shown:
- Do not know
- $20 million or more
- $10 million to $19.9 million
- $1 million to $9.9 million
- $500,000 to $999,999
- $100,000 to $499,999
- $50,000 to $99,999
- $10,000 to $49,999
- Less than $10,000
Q22a: Estimated total financial losses as a result of all security incidents (in USD)?
15 Direct financial losses followed by theft of IP and loss of customers are the main areas of losses
[Bar chart] Categories shown:
- Theft of hard intellectual property (information such strategic business plans, deal documents, sensitive
- Brand / reputation compromised
- or other applications unavailable
- Financial Fraud (e.g., credit card fraud)
- Other
- Loss of customers
- Theft of soft intellectual property (e.g., information such as processes, institutional knowledge, etc.)
- Financial losses
Q22: How was your organisation impacted by the security incidents? (Check all that apply)
16 or trillions, depending on how you measure it
As with the number of incidents, the global cost of security compromises is ultimately unknowable because many attacks are not reported. It's also important to note that the value of certain kinds of information, intellectual property and trade secrets in particular, is very difficult to ascertain. Based on calculations determined by the Center for Responsible Enterprise And Trade (CREATe.org) and, we believe that financial losses due to the theft of trade secrets may range from USD 749 billion to as high as USD 2.2 trillion annually.
17 Despite elevated risks, security budgets decline in 2014
Many organisations are undoubtedly worried about the rising tide of cybercrime, yet most have not increased their investment in security initiatives. In fact, global IS budgets actually decreased 4% compared with And security spending as a percentage of the total IT budget has remained stalled at 4% or less for the past five years.
18 Spending sinks from previous years, particularly among small organisations
We found one explanation for the spending slow-down by looking at investment levels reported in last year's survey. In 2013, organisations reported very significant increases in spending over 2012, expanding IT investments by 40% and security spending by an even more substantial 51%. It could be that this year's respondents were hard-pressed to continue investments at that accelerated pace.
Looking at security investment by company size also sheds some light on the anaemic funding. This year, companies with revenues under USD 100 million say they reduced security investments by 20% over 2013, while medium-sized and large companies report a modest 5% increase in security spend.
19 Actual cyber security budget
[Bar chart] Categories shown:
- Do not know
- $30 million or more
- $20 million to $29.9 million
- $10 million to $19.9 million
- $5 million to $9.9 million
- $2 million to $4.9 million
- $1 million to $1.9 million
- $500,000 to $999,999
- $100,000 to $499,999
- $50,000 to $99,999
- $10,000 to $49,999
- Less than $10,000
Q8: What is your organisation's total information security budget for 2014?
20 Information Security spending compared to last year, 57% of Swiss Budget will increase
[Bar chart] Categories shown:
- Increase more than 30%
- Increase 11-30%
- Increase up to 10%
- Stay the same
- Decrease less than 10%
- Decrease 11-30%
- Decrease more than 30%
- Do not know
Q9: When compared with last year, security spending over the next 12 months will
21 Incidents attributed to insiders rise, while security preparedness falls
Current and former employees are the most-cited culprits of security incidents, but implementation of key insider-threat safeguards is declining.
- 56% have privileged user-access tools (65% in 2013).
- 51% monitor user compliance with security policies (58% last year).
- 51% have an employee security training and awareness programme (60% in 2013).
Compromises attributed to third parties with trusted access increase while due diligence weakens.
- 55% have security baselines for external partners, suppliers, and vendors (60% in 2013).
- 50% perform risk assessments on third-party vendors (53% in 2013).
22 High growth in high-profile crimes
While less frequent, incidents attributed to nation-states, organised crime and competitors increased sharply in
- % jump in incidents by nation-states
- 64% rise in compromises by competitors
- 26% increase in incidents by organised crime
23 The outsiders: cybercrime and hackers represent 50% of incidents, but insiders still at a high level!
[Bar charts: "Insiders" and "Outsiders"] Categories shown:
- Customers
- Former service providers/consultants/contractors
- Domestic intelligence service
- Foreign nation-states
- Foreign entities and organizations
- Current service providers/consultants/contractors
- Suppliers/business partners
- Terrorists
- Information brokers
- Activists/activist organizations/hackti
- Former employees
- Competitors
- Organized crime
- Current employees
- Hackers
Q21: Estimated likely source of incidents: (check all that apply)
24 What does this mean for budgets, incidents, new technologies, regulations, and related costs
- Regulation
- Prioritisation needed
- Budget pressure
25 Focus on data privacy and further technical controls
26 Data privacy safeguards currently in place (processes)
[Bar chart] Categories shown:
- Incident response-process to report and handle breaches to third parties that handle data
- Accurate inventory of where personal data for employees and customers are collected, transmitted, and stored
- Limit collection, retention, and access of personal information to the minimum necessary to accomplish the legitimate purpose for which it is collected
- Processes for cross-border data exchanges
Q12: Which data privacy safeguards does your organisation currently have in place? (Processes)
27 Monitoring, response and, even, risk management are outsourced most often
[Bar chart] Categories shown:
- Incident response-process to report and handle breaches to third parties that handle data
- Accurate inventory of locations or jurisdictions where data is stored
- Require third parties (including outsourcing vendors) to comply with our privacy policies
- Conduct risk assessments of internal and external risks to the privacy, security, confidentiality, and integrity of electronic and paper records containing personal information (e.g., through internal audit)
- Certification under the Swiss or EU Safe Harbor Agreement, model contracts, customer or employee consent, or binding corporate rules
Q12b: Which data privacy safeguards does your organisation currently outsource? (Processes)
28 Data privacy safeguards currently in place (people)
[Bar chart] Categories shown:
- Impose disciplinary measures for privacy program violations
- Require our employees to complete training on privacy policy and practices
- Require our employees to certify in writing that they comply with our privacy policies
- Employ Chief Privacy Officer (CPO) or similar executive in charge of privacy compliance
Q12a: Which data privacy safeguards does your organisation currently have in place? (People)
29 Safeguards for inventory, monitoring, incident handling, cross-border exchange are on the way
[Bar chart] Categories shown:
- Ongoing monitoring of the data privacy program
- Incident response-process to report and handle breaches to third parties that handle data
- Accurate inventory of where personal data for employees and customers are collected, transmitted, and stored
- Limit collection, retention, and access of personal information to the minimum necessary to accomplish the legitimate purpose for which it is collected
- A written privacy policy is in place and published on our external website
- Processes for cross-border data exchanges
Q12c: Which data privacy safeguards does your organisation not have in place, but is a top priority over the next 12 months? (Processes)
30 Cyber insurance and what we do with it
[Bar chart] Categories shown:
- Made a claim
- Collected on a claim
- Taken steps to enhance the organization's security posture to lower the insurance premium
- Do not know
Q26a: If your organisation has cyber insurance, has it
31 Maturity Level
Be compliant and then secure: reducing cyber risks is one of the least used arguments
[Bar chart] Categories shown:
- Do not know
- Other
- Lack of regulatory findings
- Lack of audit findings
- Professional judgment
- Improvement against security metrics
- Net present value cost of ownership
- Payback period
- Internal rate of return
- Return on investment (ROI)
- Reduction in security risks
Q38: How does your company measure the effectiveness of information security spending? (Check all that apply)
32 What technical security measures are already in place (top 10)?
[Bar chart] Categories shown:
- Malware or virus-protection software
- Centralized user data store
- Encryption of databases
- Secure remote access (VPN)
- Unauthorized use or access-monitoring tools
- Encryption of networking transmissions (wireless, wired, etc.)
- Network access control software
- Security information and event management (SIEM) technologies
- Network firewalls
- Application firewalls
Q15: What technology information security safeguards does your organisation currently have in place?
33 What technical security measures are already in place but outsourced (top 10)?
[Bar chart] Categories shown:
- Encryption of Web transactions
- Encryption of file shares
- User-activity monitoring tools
- Privileged user access
- Network firewalls
- Protection/detection management solution for advanced persistent threats (APTs)
- Asset-management tools
- Intrusion-detection tools
- Security technologies supporting Web 2.0 exchanges such as social networks, blogs, microblogging, wikis, or other
- Role-based authorization
Q15: What technology information security safeguards does your organisation currently outsource?
34 What technical security measures will be deployed the next 12 months (top 10)?
[Bar chart] Categories shown:
- Secure access-control measures
- Code-analysis tools
- Disposable passwords/smart cards/tokens for authentication
- Asset-management tools
- Enterprise content-management tools
- Malicious code-detection tools
- Automated account provisioning/de-provisioning
- Behavioral profiling and monitoring
- Encryption of smart phones
- Vulnerability scanning tools
Q15: What technology information security safeguards does your organisation not have in place, but is a top priority over the next 12 months?
35 How to increase cyber security
36 To improve cyber security, we need to convince C-level and agree on a strategy.
[Bar chart] Callout shown: 50% leadership. Categories shown:
- Absence or shortage of in-house technical expertise
- Poorly integrated or overly complex information and IT systems
- Lack of an actionable vision or understanding of how future business needs impact information security
- Leadership: CISO, CSO, or equivalent
- Insufficient operating expenditures
- Insufficient capital expenditures
- Lack of an effective information security strategy
- Leadership: CIO or equivalent
- Leadership: CEO, President, Board, or equivalent
Q28: What are the greatest obstacles to improving the overall strategic effectiveness of your organisation's information security function? (Check all that apply)
37 Conclusion
38 Taking action: 5 steps toward a strategic security programme
- Ensure that your cyber security strategy is aligned with business objectives and is strategically funded
- Identify your most valuable information assets and prioritise protection of this high-value data
- Improve processes for earlier detection; reduce the time from detect to respond
- Assess cyber security of third parties and supply chain partners, and ensure they adhere to your security policies and practices
- Collaborate with others to increase awareness of cyber security threats and response tactics
39 Contacts
40 Contacts
- Jan Schreuder, Partner
- Yan Borboën, Director
- Marc Impini, Assistant Manager
visit All rights reserved. refers to the network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details.
PricewaterhouseCoopers has exercised reasonable care in the collecting, processing, and reporting of this information but has not independently verified, validated, or audited the data to verify the accuracy or completeness of the information. PricewaterhouseCoopers gives no express or implied warranties, including but not limited to any warranties of merchantability or fitness for a particular purpose or use and shall not be liable to any entity or person using this document, or have any liability with respect to this document. This report is intended for internal use only by the recipient and should not be provided in writing or otherwise to any other third party without PricewaterhouseCoopers' express written consent.
More informationon Data and Identity Theft*
on Data and Identity Theft* What you need to know about emerging topics essential to your business. Brought to you by PricewaterhouseCoopers. October 2008 A collaborative business world s Achilles heel
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationAlways Worry About Cyber Security. Always. Track 4 Session 8
Always Worry About Cyber Security. Always. Track 4 Session 8 Mark Stevens SVP, Global Services and Support Digital Guardian MStevens@DigitalGuardian.com 781-902-7818 www.digitalguardian.com 2 Abstract
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationCloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationData Security in Development & Testing
Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More informationW H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s
W H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s IDC Middle East, Africa, and Turkey, Al Thuraya Tower 1, Level 15, Dubai
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationImproving cyber readiness in an interconnected world Key findings from The Global State of Information Security Survey 2015
Improving cyber readiness in an interconnected world Key findings from The Global State of Information Security Survey 2015 organizations tend to have comparatively robust and mature cybersecurity programs.
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationEscalating concern over cyber threats has CEOs warming to government collaboration
Escalating concern over cyber threats has CEOs warming to government collaboration 2015 US CEO Survey Leading in extraordinary times With cyber attacks the new normal in business, CEOs from the biggest
More informationRETHINKING CYBER SECURITY Changing the Business Conversation
RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.
More informationELECTRONIC INFORMATION SECURITY A.R.
A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy
More informationCybersecurity challenges in an interconnected world Key findings from The Global State of Information Security Survey 2015
Cybersecurity challenges in an interconnected world Key findings from The Global State of Information Security Survey 2015 Over the past year, the phrase data breach has become closely associated with
More informationPCI DSS COMPLIANCE DATA
PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationSOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness
SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached
More informationAANVAL INDUSTRY FOCUS SOLUTIONS BRIEF. Aanval for Financial Services
TACTICAL FLEX, INC. AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF Aanval for Financial Services Aanval is a product of Tactical FLEX, Inc. - Copyright 2012 - All Rights Reserved Challenge for IT in Today s Financial
More informationCyber Security on the Offense: A Study of IT Security Experts
Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report
More informationOverall, which types of fraud has your organisation experienced in the past year?
1) Overall, which types of fraud has your organisation experienced in the past year? Insider fraud Corporate Account Takeover Consumer Account Takeover ATM/ABM (skimming, ram raid, etc.) Bill pay Cheque
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationCyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationInformation Technology in the Automotive Aftermarket
Information Technology in the Automotive Aftermarket March 2015 AASA Thought Leadership: The following white paper consists of key takeaways from three AASA surveys conducted in 2014, which focused on
More informationACE European Risk Briefing 2012
#5 ACE European Risk Briefing 2012 IT and cyber risk respondent profiles The research was carried out between 13 April and 3 May 2012. The sample comprised 606 European risk managers, CROs, CFOs, COOs
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationContinuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability
A Custom Technology Adoption Profile Commissioned By BitSight Technologies Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability Introduction As concerns around
More informationPCI Compliance in Multi-Site Retail Environments
TECHNICAL ASSESSMENT WHITE PAPER PCI Compliance in Multi-Site Retail Environments Executive Summary As an independent auditor, Coalfire seeks to be a trusted advisor to our clients. Our role is to help
More information