How to protect yourself against cyber crime in 7 practical steps



Similar documents
Cyber security Building confidence in your digital future

Cyber Security Evolved

Protecting your business interests through intelligent IT security services, consultancy and training

Quality Programs for Regulatory Compliance

defense through discovery

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

Certified Identity and Access Manager (CIAM) Overview & Curriculum

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Strategic Plan On-Demand Services April 2, 2015

Increase insight. Reduce risk. Feel confident.

Attachment A. Identification of Risks/Cybersecurity Governance

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014

Logging In: Auditing Cybersecurity in an Unsecure World

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Four Top Emagined Security Services

Cisco Security Optimization Service

Managed Security Services D e l i vering real-time protection to help organizations st r e n g t h e n their security posture in the face of today s

OCIE CYBERSECURITY INITIATIVE

CONSULTING IMAGE PLACEHOLDER

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Cyber Security for Competitve Advantage: How SaaS Providers are Transforming their Business

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

PCI DSS READINESS AND RESPONSE

PCI DSS Top 10 Reports March 2011

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

Developing National Frameworks & Engaging the Private Sector

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

Overview TECHIS Carry out security testing activities

BOARD OF GOVERNORS MEETING JUNE 25, 2014

Cyber Security Solutions

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

External Supplier Control Requirements

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

OECD PROJECT ON CYBER RISK INSURANCE

IBM Internet Security Systems October FISMA Compliance A Holistic Approach to FISMA and Information Security

FFIEC Cybersecurity Assessment Tool

Cybersecurity Strategic Consulting

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Cyber Security solutions

How To Manage Risk On A Scada System

Continuous Network Monitoring

Committees Date: Subject: Public Report of: For Information Summary

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Cyber security Building confidence in your digital future

An Executive Brief for Network Security Investments

Cyber security: Are consumer companies up to the challenge?

Audit Capabilities: Beyond the Checklist. Niall Haddow, Business Leader Philip Young, Sr. IT Auditor Professional Strategies - Session S32

PCI Solution for Retail: Addressing Compliance and Security Best Practices

White paper September Realizing business value with mainframe security management

The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

Into the cybersecurity breach

Taking Information Security Risk Management Beyond Smoke & Mirrors

Protecting Malaysia in the Connected world

Are You Ready for PCI 3.1?

Managing business risk

ESKISP Manage security testing

Enterprise Security Tactical Plan

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement.

Cyberprivacy and Cybersecurity for Health Data

Address C-level Cybersecurity issues to enable and secure Digital transformation

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison

Cybersecurity The role of Internal Audit

AUTOMATED PENETRATION TESTING PRODUCTS

Frequently Asked Questions. Frequently Asked Questions: Prioritizing Trust: Certificate Authority Security Best Practices

Cloud Security Who do you trust?

Cyber Security - What Would a Breach Really Mean for your Business?

Dealer Member Cyber-security

Improving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Information Security Program CHARTER

Certified Information Security Manager (CISM)

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

Information Technology Risk Management

Cyber Risk in Healthcare AOHC, 3 June 2015

Proactive Enterprise Risk Management

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Making Sense of Cyber Insurance: A Guide for SMEs

Building a Corporate Application Security Assessment Program

2011 Forrester Research, Inc. Reproduction Prohibited

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA

CGI Cyber Risk Advisory and Management Services for Insurers

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Why you should adopt the NIST Cybersecurity Framework

National Cyber Security Policy -2013

MANAGED SECURITY SERVICES (MSS)

INFORMATION S ECURI T Y

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Cybersecurity and Insurance Companies

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Rogers Insurance Client Presentation

Transcription:

How to protect yourself against cyber crime in 7 practical steps Fox Harbour, NS Presented by: Date: Scott Crowley, Regional Managing Partner, MNP Ken Taylor, President, ICSPA Stephen Warden, Partner, MNP June 7, 2013

Presentation Agenda Why you need a formal approach 7 steps to build up your security Conclusion

ICSPA Key Cyber Crime Study Findings 7 out of 10 companies have been attacked Almost 8 in 10 companies have NO internal Cyber risk assessment process (5866 cyber crime incidents) ONLY 3 in 10 companies have a plan in place to respond to a cyber attack ONLY 3 in 10 companies have personnel trained to respond to a cyber attack 94% of organizations surveyed were NOT accredited to national or international security standards Awareness of the Canadian cyber security strategy was 7% Almost 5 in 10 companies did NOT know who to contact if a cyber crime occurred

Why you need a formal approach Various factors make it hard to be fully secure at all time: Complexity of the technology: The constant evolution of the technology brings new risks: Various stakeholders/interests are involved: A formal approach helps you to address this complexity

The following 7 steps approach will help you to: Clearly understand your security risks Effectively implement the protection you need, against the most critical risks Save cost by focusing on what s really necessary Build a sustainable security posture

1. Understand the risks Understand what technology is used and how: Formally qualify the security risks or potential incidents you are exposed to Perform a security assessment against industry best practice,

2. Test your systems security and try to break in Perform a vulnerability scanning of the network Perform a penetration testing against your key systems This will provide an immediate, realistic and clear understanding of the most critical security exposures and vulnerabilities

3. Develop a clear security roadmap Document a security roadmap that list clear actions to address high vulnerabilities / risks. Prioritization is based on the risk assessment and testing in step 1 and step 2

4. Embrace compliance with laws and regulations Make sure you comply with applicable legislative and regulatory security requirements, including: IIROC rules PIPEDA and provincial regulations on privacy Other financial regulations if applicable (National Instruments, MFDA, FINRA, NASD, SEC) Non-compliance with applicable laws and regulations can result in hefty fines.

5. Consider advanced automated security tools For larger organizations, specific security risks will need to be addressed with advanced tools, such as: Management of professional and personal mobile devices Protection against data leakage. System log monitoring

6. Make your employees you best partners in security Develop security training and awareness for employees. Learn the safe behaviours Security training is also key

7. Maintain your security posture by performing regular reviews Because your business and technology environment is always evolving Schedule annual or semi-annual security reviews:

Summary Security incidents occur more often than ever and affect all industries. Impacts of a security breach could be disastrous and may result in: a) a loss of clients and revenue, b) incur high costs to remediate, c) incur fines d) May impact operations It can be difficult to strike the right balance between security investments and a precise evaluation of the existing threats Having a team of specialists with you will allow you to clearly identify the security issues, and provide adequate, affordable recommendations to effective protect the organization

Questions?

Scott Crowley, CMC, MBA Regional Managing Partner, Ontario Advisory Enterprise Risk Services 416-596-1711 scott.crowley@mnp.ca Ken Taylor President ICSPA 613-866-0423 ken.taylor@icspa.org

MNP Security Lifecycle proprietary framework represents the best practice security controls that should be in place for an optimal protection against cyber threats

MNP is one of the largest chartered accountancy and business advisory firms in Canada. MNP offers a full suite of corporate governance and risk management services, including in-depth advice on corporate governance best practices; risk management; compliance; internal audit; security and privacy; forensics; technology and business resiliency.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information