Information Security in a Downturn




Transcription:

Information Security in a Downturn
Prof. Howard A. Schmidt, CISSP, CSSLP
President and CEO, Information Security Forum Ltd.
Vice-Chair and Security Strategist (ISC)2 Board of Directors

Agenda
1. The Information Security Forum
2. Information security and the downturn
3. The world has changed
4. Key information security challenges
5. How can I respond?

www.securityforum.org Security in a Downturn Copyright 2008 Information Security Forum Limited

The Information Security Forum (ISF)
An international association of approximately 300 leading global organisations, which...
- addresses key issues in information risk management through research and collaboration
- develops practical tools and guidance
- is fully independent and driven by its Members
- promotes networking within its membership.

What the ISF provides for its Members and much more besides!

Information security and the downturn (1)
Organisations are focusing on cash, cost control and retaining customers
Internal cost-centres are targets for cost control
- Information security sometimes viewed as an overhead
The downturn and organisational responses may change the organisational risk profile and risk appetite
- May alter the operating environment for information security

Information security and the downturn (2)
Information security could be affected
- Spending on information security might be reduced
- But the reduction will lag the downturns in the economy and organisation
Threats and risks to information will change
- New threats and risks will emerge
- Sophistication will increase

[Chart: "Will your information security budget change in 2009?" Response categories: Increase, Staying the same, Decrease. Axis: % of respondents. Source: ISF MX Quick Vote]

The world has changed very quickly
POLITICAL: Espionage, lack of public trust, cyber-terrorism
LEGAL: Intellectual property, electronic evidence, identity theft
ECONOMIC: Emerging economies, complex ownership, organised crime
SOCIO-CULTURAL: Corporate loyalty, demographics
TECHNICAL: Web 2.0, solar flares, process control
Long-term threats are in the here and now

Key information security challenges
There are four major information security challenges:
- poor understanding of the information risk environment by the organisation
- misalignment of the information risk strategy with revised business objectives
- obsolescence of plans and processes associated with information security
- lack of focus on the long-term objectives of the information security function.

Key information security threats today
Cybercrime - It's growing and becoming more specialised
Espionage - Exposure of Intellectual Property
Fraud and embezzlement - Both internal and external
Disgruntled employees - Sabotage, data theft
Incidents - Relative impact may increase
Cutting too deep - Loss of expertise and experience
Lack of support from IT - Their budgets are under pressure too!

How can I respond?
1. Get the basics right
- identify critical and/or sensitive information
- re-assess information risk
- identify and deploy security controls
- re-examine security function activities
2. Throw out your assumptions
- look beyond historical data
- change your thinking about the threats
- revise information security plans
- question the beliefs
3. Plan for uncertainty
- prepare for a whole new world
- develop and rehearse responses

How can I respond?
4. Become the risk champion
- adapt to changes in the organisation's risks
- use your nose for risk
5. Build for the future
- maintain capability
Members of the ISF have a strategy

ISF Reports
- Managing Security in a Downturn Economy
- Profit Driven Attacks
- Insider Threats
- Threat Horizon 2010
- Effective approaches to managing a security function
- Information security strategy
- Examining the needs of CISO
- RISE: role of information security in the enterprise
- The Insider view

Information Security Forum
howard.schmidt@securityforum.org
http://www.securityforum.org
http://www.isc2.org