Cyber Security: from threat to opportunity
- Shanon Gordon
- 8 years ago
Transcription
IT ADVISORY
Cyber Security: from threat to opportunity
From threat to opportunity / Cyber security / 1
FOREWORD: OPPORTUNITY-DRIVEN CYBER SECURITY

Cyber security (also known as information security or information protection) is a key theme in today's business reality. Now that the success of many organisations has proven to be dependent on digital assets, it would be easy to elaborate only on cyber security threats. The question is: does focusing on fear, uncertainty and doubt really help your organisation to move any further along in this area?

1 COMPETITIVE ADVANTAGES

Let there be no misunderstanding: we believe it is of the utmost importance to be adequately protected against cyber threats. These threats create cyber risks that organisations need to manage as part of their enterprise risk management in order to have a licence to operate. But it is time to look at cyber security from a different angle. Organisations should start looking at cyber security as an opportunity that will add extra value to a company's products and services.

John Hermans, Partner, KPMG Risk Consulting

We are convinced that making the right decisions when it comes to cyber security can result in a competitive advantage. Being well prepared means that organisations can prepare for innovations and new market opportunities better than competitors can. Such organisations will also earn more trust from customers and other stakeholders.

Examples of this potential for a competitive advantage:
- Organisations that can assure their customers, stakeholders and employees that their information is properly protected are more trustworthy in the eye of the public;
- Governments and large corporates demand confidence in information management and use it as a qualifier for contracts and/or partnerships;
- Better cyber security results in lower costs arising from IT failures;
- Visible compliance with privacy regulations strengthens the brand reputation.

To unlock this potential we need a holistic, intelligence-led, and partnership-based approach aimed at building a cyber-resilient organisation.
2 CLEAR RESPONSIBILITIES

Following a wave of high-profile incidents, cyber security is no longer seen as just an IT issue. It is increasingly becoming a topic for the executive board.

In an ideal world, the following statements summarise the roles and responsibilities that each person in an organisation must assume with regard to cyber security.

- The Chairman: Cyber security is a standing agenda item for the board. We have a robust cyber security strategy in place, regularly review our threat landscape and hold our executives accountable for their responsibilities.
- The CISO: We effectively manage information risks within the organisation together with our delivery and supply partners. We know where our critical data is stored and who has access to it.
- Risk & Legal: Our regulatory and international certification standards are relevant and up to date. We know about the latest fines and consequences for data breaches.
- The CEO: We are prepared to deal with security events. Should hackers claim success via the media, we can demonstrate that we have not been subject to a breach.
- The Chief Operating Officer on operations and external suppliers: We are aware of the safeguards required when adopting new business models such as outsourcing, offshoring and cloud services. Cyber security is an integral part of our procurement process.
- The CIO on IT development and IT operations: All new systems, products and services are developed using secure-by-design principles. Effective monitoring in the value chain helps us to identify risks and minimise the impact of compromise.
- Audit committees and Performance functions: Monitoring and reporting our organisational status quo and areas of cyber security enables us to instil confidence.
- The Head of Human Resources: Throughout our organisation, people have the awareness, skills and knowledge to minimise cyber risks. We vet our contractors and carefully manage our induction and exit process.
- The Chief Financial Officer: We have made targeted investments in cyber security, taking the value of our assets, our vulnerabilities and the changing threat landscape into account.
3 INTERLINKING BUILDING BLOCKS

KPMG's approach towards cyber security paints a picture of how cyber security is and should be embedded in the organisation, looking at all the building blocks required for a resilient organisation and how these interact.

Under what circumstances could security throw a spanner in the works when it comes to realising my business strategy? And what does it take for my organisation to prevent such risks from materialising? Effective cyber security measures help organisations to better reach their strategic goals. In short, when is my organisation sufficiently resilient?

KPMG has developed an integrated approach to help you answer these questions and develop the desired security operating model.

[Figure labels: Changing Threat Landscape; Economic; Technological developments; Market; Legal]

1. Leadership and governance: Board demonstrating due diligence, ownership and effective management of risk.
2. Information risk management: The approach to achieve comprehensive and effective risk management of information throughout the organisation and its delivery and supply partners.
3. Human factors: The level and integration of a security culture which empowers people with the right skills, knowledge and responsibility.
4. Business operations and technology: The level of physical and digital security measures implemented to address identified risks across the information value chain and to minimise the impact of compromise. This includes the development of new products, processes and services, IT operations and third party management.
5. Business continuity and crisis management: Preparations to detect and address security events and the ability to prevent or minimise their impact.
6. Legal and compliance: Regulatory and international certification standards as relevant.
7. Monitoring and reporting: The Board of Management getting the management information needed to effectively govern cyber security across the organisation and to effectively drive the strategic security risks.
4 FROM AD HOC RESPONSES TO INTELLIGENCE-BASED FOCUS

Rome wasn't built in a day and neither is it possible to create a resilient organisation overnight. The challenge is to place the right focus on the different building blocks in the right order. Together we tailor an approach which will guide your organisation through the various maturity levels to reach the desired end state as efficiently as possible. In today's rapidly changing world an intelligence-led way of working is the key to ensuring the real threats to the organisation are known and addressed.

KPMG has the expertise and experience to develop a cyber security roadmap tailored to your organisation. This roadmap shows when and how to focus on the different building blocks and which targeted investments are needed to build an intelligence-led resilient organisation.

Maturity levels shown in the figure:
- Resilient enterprise: The enterprise has incorporated cyber resilience through its value chains, implemented cyber security measures based on strategic threat and vulnerability assessments.
- Dynamic defence: Predictive and agile, the enterprise instantiates policy and implements measures in its processes and procedures.
- Tools-based: Applying tools and technologies piecemeal to assist people in reacting faster.
- Integrated picture: Loosely integrated with a focus on interoperability and standards, initial situational awareness.
- Reactive & manual: People unquestioningly following doctrine and doing their best to put out fires.

Our four-step approach to determine the security operating model needed to support your business strategy:
1. Obtain a solid understanding of the organisation's strategy
2. Determine the security operating model & maturity level needed to achieve the strategic goals
3. Assess the current level of security maturity of each building block
4. Develop a tailored action plan for each building block
5 OUR SERVICES

KPMG can help you understand your current state of preparedness against cyber attacks and assist you in closing any gaps. Whether from a governance, people, process or technology viewpoint, our services can help you improve your state of preparedness. To achieve that, we have developed KPMG's Cyber Security Framework consisting of four major phases:

[Figure labels: Prepare; Protect; Detect & respond; Integrate; Threat intelligence; Cyber transformation]

Phase 1: Prepare
Developing an approach tailored to your specific organisation and ambitions

Everyone can go off and buy security solutions, but wouldn't it be much better if someone listened to your concerns, views and questions? Someone who helps you to complete the picture of threats and opportunities? The prepare phase of KPMG's Cyber Security Framework helps our clients to develop a cyber security strategy tailored to their specific business settings and ambitions.

The secret to success is to gain deep insights into your business strategy and understand which processes and/or systems represent the greatest assets from a cyber security perspective. It is also important to get clarity on how much risk you are willing to take in relation to these processes and/or systems (risk appetite).

It is essential to focus on the right areas. To ensure we do this, we start by jointly determining the strategic security risks of your organisation. The central question: where can a lack of security throw a spanner in the works when it comes to the realisation of your business strategy? This marks the starting point of this tailored approach.

KPMG has developed a complete model showing the different maturity levels and what to do to achieve them. Using this model we can quickly help you design a tailored plan to achieve the desired level of security maturity and bring risks back to an acceptable level.

KPMG can help your organisation in:
- Cyber security awareness: demonstrating to your stakeholders (e.g. via cyber gaming) what cyber security is all about;
- Security governance: developing or assessing the governance model needed for effective cyber security. Verify its alignment within the three lines of defence model;
- Risk management methodology: developing a methodology that will facilitate security risk management within the organisation;
- Cyber maturity assessment: painting an integral picture of the cyber state of your organisation with our cyber maturity assessment and security compliance & in-control scan;
- Threat trends analysis: analysing your current cyber threat landscape;
- Business impact assessment: providing a pragmatic approach to identify the security risks in your key processes;
- Business continuity and recovery: establishing policies and practices for dealing with major operational disruption. Developing and testing the recovery plans needed to face the continuity challenges;
- Security risk assessment: assess the dependence on processes & applications, threats & vulnerabilities to determine the current risks that need to be mitigated;
- Security strategy and vision development: designing a security strategy that will position cyber security as your business enabler and will realise your ambitions in the desired timeframes.
Phase 2: Protect
Balancing threats, risks and resources against business goals

Realising effective cyber security entails ensuring a baseline level of security across the organisation and establishing tailored protection of your crown jewels and critical assets. This requires balancing preventive and detective controls in the domains of governance, people, processes and technology. The protect phase of KPMG's Cyber Security Framework helps our clients to increase their resilience against cyber attacks in all domains.

Establishing a baseline level of security throughout the whole organisation starts with an organisation that is built on capable people and effective processes for the protection of your assets. It also means that your technology landscape of applications, internet perimeter, internal network, websites, servers and workstations is regularly assessed. You can achieve this through a combination of security tests, configuration reviews, architecture assessments and authorisation reviews.

After having established a level of basic security housekeeping, the next step is to focus on the areas that are most important to your business for fine-tuning your security: your organisation's crown jewels and critical assets. KPMG will help you with tailor-made actions and by implementing specific security measures regarding these areas, based on risk assessments and industry best practices.

KPMG can help your organisation in:
- Cyber defence operating model: designing and implementing your defence organisation and infrastructure using the three lines of defence model;
- Secure architecture: defining or assessing the desired security architecture for processes and technology within your organisation;
- Assets, processes and resources alignment: enabling technology to link asset management, security monitoring, threat, vulnerability and incident management processes with the cyber strategy of your organisation;
- Security testing: assessing the security of your applications, systems and networks by ethical hackers;
- Identity and access management: designing and implementing an identity and access management infrastructure that is in control, manageable and compliant;
- Red teaming: testing your preventive and detective controls by performing a simulation of a real-world attack;
- Cloud security: security assessment, control and transformation of your cloud computing environment;
- Mobile security: security testing and advisory on your mobile applications or BYOD environment;
- Technical reviews: assessment against industry standards such as PCI-DSS.

Phase 3: Detect & respond
Timely detection of incidents

With the global proliferation of cyber attacks, the question for organisations is not if they will be attacked but when. The ability to effectively manage business during a major operational disruption is now a key success factor. With reputational damage occurring in an increasingly short time-span, organisations are looking for business and technical specialists who can help them design and execute incident response plans accordingly. The detect and respond phase of KPMG's Cyber Security Framework helps our clients respond to and investigate cyber attacks.

The foundation for timely detection and response is a Security Operations Centre (SOC) that is supported by the functions of vulnerability management (to identify weaknesses in your assets), threat management (to identify and predict new attacks), and incident management (for prompt and thorough follow-up on incidents). KPMG has the experience to help you establish robust processes and technology. Even more important, we help you ensure that the people in these processes work as one, so that cyber threats are dealt with proactively.

KPMG can help your organisation in:
- Serious gaming: organising red and blue team cyber incident response training to help you develop your responsive capabilities;
- Incident response capability development: enhancing your incident response capabilities including internal and external communications, service prioritisation and many other aspects;
- Stakeholder management: determining which stakeholders should be part of your crisis management process, what their needs and responsibilities are;
- Cyber attack detection: helping with deployment and optimisation of monitoring and sophisticated data analytics on your networks;
- Security and threat monitoring use-cases: advising on, designing and implementing security information and event management processes and architectures;
- Rapid response teams: helping you to contain, manage and recover from cyber attacks;
- Forensic evidence recovery & investigation: providing advanced digital forensics capability to gather, preserve and interpret large data sets, deleted or ephemeral data in order to prove a chain of events;
- DDoS protection: helping your organisation in dealing with DDoS attacks.
Phase 4: Integrate
Integrating cyber security into everything you do

Cyber threats have become part of the business environment and as such, there are risks which need to be managed. This necessitates that cyber security not be seen as a topic in isolation within the business, but as an integral part of your way of working. The integrate phase of KPMG's Cyber Security Framework helps our clients to embed cyber security in the culture and decision-making processes to help ensure their business stays one step ahead.

Firstly we assess all key business processes to jointly determine which risks could and should be addressed in those processes. Next, using industry best practices we determine how security measures can best be embedded in the existing processes to mitigate these risks. Our specialists will then help you to implement those security measures in the daily operations of your organisation. Naturally, the main focus will be on automated controls (which can be built directly into your systems) as well as soft controls (such as cyber security awareness and training).

KPMG can help your organisation in:
- Security reporting and measurements: determining security KPIs and developing cyber security dashboards;
- Security by design: assessing R&D processes for security embedding and providing support in determining security requirements for new products and services;
- Security in culture: embedding cyber security in the decision-making process of your organisation that facilitates culture of right skills and behaviours;
- Sourcing parties: managing your sourcing parties and ensuring that third parties deal with information in line with your requirements;
- Security operating model: developing a holistic security operating model in line with your business strategy and goals.

Threat intelligence

The financial and reputational costs to recover from a cyber attack can materially impact public and private organisations. The most mature organisations anticipate cyber threats to help minimise the impact rather than merely respond to the attacks. Matching our industry experience with our technical skills, KPMG works closely with clients to design and implement cyber intelligence functions, answering questions such as how to move from reacting to anticipating cyber attacks, how to make sense of the cyber threats we face, how to establish an effective Security Operations Center, who to share threat intelligence with and how.

Our experience in the intelligence and law enforcement community gives us a unique perspective on effective intelligence capabilities and processes. Combined with our deep technical knowledge in cyber security we:
- Work with organisations to design and implement in-house and government cyber intelligence functions and security operations centers;
- Help optimise aspects of current intelligence functions and security operations centers;
- Work in partnership with private intelligence and law enforcement agencies to enhance intelligence flows.
6 OPERATING PRINCIPLES BEHIND OUR SERVICES

- An intelligence-led approach. KPMG has gained a deep understanding and experience of intelligence best practices through working extensively with law enforcement and leaders in this field.
- A joint approach. Designing a plan is one thing, designing a plan which receives full support from the organisation is something entirely different. This is why we always work closely together with your team to ensure success.
- Boundaries, national or organisational, are irrelevant to cyber security. Which is why we offer you a global network of 2000 cyber security professionals from across our 156 member firms and all industry sectors who seamlessly cooperate in multinational, cross-functional teams.
- Cyber security is not an IT issue. KPMG brings together specialists in information protection and business continuity, forensic technology, risk management, privacy, organisational design, behavioural change and threat intelligence to help you manage cyber security across people, processes and technology.
- Confident cyber security choices are the key to ensuring trust among customers, shareholders and employees. Our global cyber security framework provides a holistic view of the cyber security lifecycle pre- and post-attack. It will help you develop a strategy on how to balance your efforts and where to invest.

7 OUR INDUSTRY SECTORS

With more than 25 years of information security experience, we have been helping organisations of all sizes from a variety of sectors:
- Offshore
- Chemicals
- Healthcare
- Industrial manufacturing
- Retail
- Engineering & construction
- Banking
- Government & public services
- Pharmaceuticals
- Insurance
- Communications
- Oil & gas
WE HELP YOU TO BUILD YOUR RESILIENT ORGANISATION

Our Cyber Security Framework is what distinguishes KPMG from other cyber security advisors. We view cyber security from an integrated perspective and provide solutions and recommendations suited to your business environment.

For us, cyber security is an enabler for success, rather than a necessity for dealing with threats. Our specialists know what steps need to be taken to make cyber security an integral part of the way you do business. Once this has been achieved we can subsequently help you to investigate and identify where security can be positioned to add value to your products and services.

We know how to report from a non-technical perspective. The technical heart of cyber security may result in observations and recommendations that are only understandable to technical experts. Working with KPMG, you can expect to receive crisp and clear recommendations that address the challenges from a business perspective instead of pages of technical buzzwords.

Our ultimate aim in everything we do is to help you build a cyber-resilient organisation. It may take some time to get to this level and may involve a reiterative process. We are more than happy to guide you through all the steps along the way. You can expect our cyber security professionals to go the extra mile in order to get you there.
Contact
- John Hermans, Partner, Tel:
- Dennis de Geus, Director, Tel:
- Koos Wolters, Director, Tel:

kpmg.com/nl/cybersecurity

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

KPMG Advisory N.V., registered with the trade register in the Netherlands under number , is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The name KPMG, logo and "cutting through complexity" are registered trademarks of KPMG International.
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES
ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND
More informationCyber Security key emerging risk Q3 2015
Cyber Security key emerging risk Q3 2015 The study is based on interviews with CIO:s, CISO:s and Head of Security in August and September 2015. November 2015 www.pwc.se Companies falling behind are more
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.
ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationLondon Business Interruption Association Technology new risks and opportunities for the Insurance industry
London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in
More informationYour asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.
Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationServices. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationBe Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience
Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Mike O Neill Managing Director Graeme McGowan Associate Director of Cyber Security
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationAustralian Government Cyber Security Review
Australian Government Cyber Security Review The Cisco Response Today, governments are almost universally pursuing a development and modernisation agenda to nurture their society into the digital age, and
More informationInformation Security Managing The Risk
Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationCyber Security for audit committees
AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have
More informationRiskAstute. Prepared for When.
RiskAstute Prepared for When. phishing Legal Threats ISO 27001/2 IT worms FCC Operations FERC process errors AM NTSB cyber-vandalism cyber-thef Accounting viruses SEC Dodd-Frank Customer Service SOX FAA
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationKey Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationCyber security guide for boardroom members
Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country
More informationCyber Security - What Would a Breach Really Mean for your Business?
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationSorting out SIEM strategy Five step guide to full security information visibility and controlled threat management
Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management This guide will show you how a properly implemented and managed SIEM solution can solve
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationSmart Security. Smart Compliance.
Smart Security. Smart Compliance. SRM are dedicated to helping our clients stay safe in the information environment. With a wide range of knowledge and practical experience, our consultants are ready to
More informationThe five most common cyber security mistakes
The five most common cyber security mistakes Management s perspective on cyber security ADVISORY kpmg.nl 2 The Continuous five most auditing common and cyber continuous security monitoring: mistakes The
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationCybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST
Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST November 6, 2013 Copyright 2013 Trusted Computing Group 1 November 6, 2013 Copyright 2013 Trusted Computing
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationIs cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary
Is cyber security now too hard for enterprises? Executive Summary Sponsors The creation and distribution of this study was supported by CGI, cybx and Fujitsu/Symantec. Premium sponsors: Gold sponsor: 2
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationThreat Intelligence. Benefits for the enterprise
Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationCyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things
Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations
More informationInstitute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander
Institute of Internal Auditors Cyber Security Birmingham Event 15 th May 2014 Jason Alexander Introduction Boards growing concern with Cyber Risk Cyber risk is not new, but incidents have increased in
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationDeloitte Cyber Risk Services Providing trust in a digital world
Deloitte Cyber Risk Services Providing trust in a digital world June 2015 Deloitte Cyber Risk Services Providing trust in a digital world Our aim Your organization, whether functioning in the public or
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationGovernment Procurement Service
www.pwc.co.uk Government Procurement Service PwC and the G-Cloud: knowledge, experience, value V1.0 PwC Service Definition 9: G-Cloud Cyber Security Design and Assurance 06 October 2015 www.pwc.co.uk Table
More informationConfident in our Future, Risk Management Policy Statement and Strategy
Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents
More informationCyber Security & Managing KYC Data
SPECIAL REPORT Cyber Security & Managing KYC Data The views and opinions expressed in this paper are those of the author(s) and do not necessarily reflect the official policy or position of Thomson Reuters.
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationNext Generation Banking Survey
Next Generation Banking Survey FINANCIAL SERVICES As the world emerges from what has been described as the greatest crisis in the history of finance capitalism, banks must adapt their business models to
More informationImplementing the value chain of the future
Implementing the value chain of the future KPMG s Operations Advisory Practice Our mission Our vision is to help member firms clients create breakthrough competitive advantage by designing and implementing
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationCybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationManagement Consulting Services kpmg.com.tr
KPMG TURKEY Management Consulting Services kpmg.com.tr KPMG Turkey provides world-class management consulting services Our Management Consulting team works with Board members, C-level executives and leaders
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationCyber Security From The Front Lines
Cyber Security From The Front Lines Glenn A Siriano October 2015 Agenda Setting the Context Business Considerations The Path Forward Q&A Cyber Security Context Cyber Has Become a Boardroom Conversation
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationNational Approach to Information Assurance 2014-2017
Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More information