Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

What drives your security strategy?

In this document we highlight some of the security challenges your organisation may be facing and explain how our Cyber Security and Privacy Services can be applied to help organisations overcome them.

Economic and market forces have driven organisations through major transformations over the past decade. The importance of securing sensitive customer and corporate data is now widely accepted: information is one of the most valuable assets any organisation holds. As the business community continues to explore new and innovative approaches such as cloud computing, the security threat increases in complexity. Targeted, persistent attacks by professional hackers and hacktivists have added to the volume of daily threats an organisation has to face. Regulators and authorities are increasingly aware of the threats to business and the impact these may have on the economy. As a result, new directives and legislation aimed at ensuring critical businesses have robust defences are emerging. The old defence mechanisms are no longer reliable, and businesses need to adopt up-to-date security practices and develop a mature, organisation-wide security culture to protect their interests and reputation.

Recent regulatory developments

A new European Union Cyber Security Strategy was proposed in February 2013. The strategy requires organisations to report significant cyber incidents to a competent national authority. The European Union has also drafted a General Data Protection Regulation which will replace the current Data Protection Directive. The draft Regulation requires tighter controls and will change how organisations manage personal information.

Organisations are expected to actively manage their exposure to cyber security risks and put frameworks in place to implement industry good practices and benchmarks.

The UK government is increasingly focused on cyber security and, through various Cabinet Office initiatives, government and intelligence agencies are directly engaging the most senior levels of the UK's largest companies and providing them with advice and guidance on cyber security threats. The FSA's attention to information risk has increased recently, following a number of IT incidents in which systems within major banks became unavailable. As a result, high street banks were required to identify weaknesses in their infrastructures and report how any future outages would be prevented. They were also required to nominate a member of the board accountable for future failures in critical information technology systems.

Cyber Security and Privacy Services (CSPS). What are they?

CSPS offer an innovative approach to tackling emerging security threats by changing the way organisations deal with them. As an independent advisory practice at Grant Thornton, we help our clients evolve their approach to current and emerging security issues. Creating a more proactive security posture involves moving away from outdated, reactive methods to ones designed to ensure that all parts of the organisation become part of the security solution, provide more effective protection and improve the return on security investment. CSPS provide focus on maintaining a current and pragmatic view of the cyber security threat landscape, and periodically assess the effectiveness of the measures used to mitigate the risk to an organisation's services and information from such incidents.

Is security an IT problem?

Security is no longer the sole responsibility of IT. Recent changes to regulatory frameworks, together with significant revisions to corporate governance and UK data protection law, mean that information risk now affects many functions across an enterprise, including finance, legal, compliance, technology, security, infrastructure and the executive office. Organisations must therefore re-assess the specialist skills they need, develop risk frameworks that incorporate information risk and ensure that security awareness is embedded as a key aspect of the organisation's culture.

The world of cyber crime thanks you for your private and confidential information!

Business and corporate executives are becoming increasingly aware that failure to comply with regulations has real consequences, which could include large fines and litigation. Without effective security policies and procedures, companies can suffer financial loss, lost productivity, customer defections and, importantly, reputational damage at both a personal and an organisational level. There can also be a significant and unwelcome increase in the cost of addressing security issues after a breach has taken place.

Regulations affecting how organisations manage their information risks include:
- Sarbanes-Oxley (SOx)
- Payment Card Industry Data Security Standard (PCI DSS)
- Data Protection Act 1998
- EU General Data Protection Regulation (EU GDPR)

Current challenges and requirements

Data protection legislators impose new high-penalty burdens

The proposed revamp of the EU's data protection rules gives individuals more control over the use of their personal information and imposes tighter regulation on all companies that hold and process personal information. Organisations that hold the personal data of EU citizens will be required to:
- appoint a data protection officer to supervise the protection of personal data stored, managed and processed by the business
- comply with users' requests to delete all personal data the organisation holds about them.

This means that consumers are able to force companies that hold data about them, such as financial institutions, marketing companies and online services such as Facebook and LinkedIn, to remove all personal data held relating to them. Users providing information over the internet must be informed of the purposes their data will be used for internally, how long it will be stored and whether it will be shared with third parties.

Consent to process and a right to be forgotten

Businesses across Europe will have to gain explicit consent from their customers for processing personal data and must also provide those customers with a right to be forgotten: all data stored on a customer who exercises this right must be removed from corporate databases and data stores. Legislative changes include new Europe-wide powers to impose punitive fines of up to 2 per cent of an organisation's global turnover for breaches of the data protection rules.

The 24 hour rule

Under the proposed data protection regulation, organisations must swiftly inform individuals when their personal data is lost, stolen or hacked. Companies that suffer a data breach must notify the data protection authority within 24 hours of becoming aware of the breach, and the individuals concerned without undue delay. The new rules are being introduced as a comprehensive legislative package that applies uniformly across all EU member states and also to organisations outside the EU that hold personal data on EU citizens.

With an ever-expanding, increasingly sophisticated and persistent threat landscape driving wider legislation to ensure organisations are adequately protected, the need for specialist CSPS is fast becoming a business as usual (BAU) necessity.

The average cost of a data breach for a UK company has reached £1.7 million and is now £47.00 per lost customer record. According to the Ponemon Institute, the cost of a data security breach for companies in the UK ranged from £160,000 to £4.8 million.

Combating the challenges: what CSPS offers

It is clear there are numerous security issues organisations need to consider. CSPS aim to:
- reduce the risk of data loss and security breaches
- minimise the risk of significant legislative fines
- improve the maturity level of an organisation's security culture
- provide a platform for collaboration and innovation across the security community.

The benefits CSPS can bring to your organisation are:
- knowledge that your corporate and customer data is appropriately protected against internal and external threats
- in the case of a data breach, a faster recovery process that demonstrates to shareholders, customers and legislators that lessons have been learnt and mitigating actions implemented
- a benchmark security standard, set against industry best practice, that tells you your level of vulnerability and your organisation's capacity to deal with evolving local and international threats.

As auditors, advisors and consultants to industry, Grant Thornton UK LLP has conducted numerous reviews on behalf of clients to ensure that the data protection rules are being applied. We also provide professional services to identify and bridge any gaps you may have in achieving compliance with legislation, and we seek to provide a platform for innovation and collaboration within the security community.

Why Grant Thornton and our approach to CSPS

Grant Thornton UK LLP has an extensive client base spanning multiple industries and countries. Our CSPS are designed to help clients protect data, assets and services at a level appropriate and proportionate to the unique or combined threats faced by individual organisations around the globe. Our team of dedicated security practitioners is experienced in advising on, consulting on and leading major security initiatives for high-profile organisations, and is often engaged as trusted advisors on sensitive national or international initiatives. Our senior security consultants hold a range of commercial and government accreditations, including CISSP, CLAS, CISM, CREST and CHECK.

Grant Thornton has a distinctive approach to CSPS, covering three interdependent elements:
- physical security (buildings/estates/property)
- personnel security (including staff and culture)
- information and cyber security (documents/data/systems).

In assessing an organisation's security framework, we focus on:

1: Governance
- Information Security Management Systems (ISMS)
- Alignment to Business Strategies
- Compliance Assessment and Assurance Frameworks
- Information Security Risk Assessments and Audits
- Training and Awareness

2: Regulatory Compliance and Standards
Review and compliance assessment including:
-- European Union Cyber Security Directive (EU CSD)
-- Payment Card Industry Data Security Standard (PCI DSS)
-- Data Protection Act 1998 and EU Data Protection Directive (EU DPD)
-- FSA Data Security guidelines
-- ISO 27000 suite of standards
-- BS 25999
-- ITIL

3: Information Risk Management
- Cyber Threat Analysis Services
- Data Governance Consulting Services
- Data Protection and Records Management
- Developing a Security Culture
- Physical Security and Social Engineering Advisory
- Cloud and End-point Security
- Third Party Security Assessments

4: Technical Security Management
- Malware and Anti-Virus Management
- Encryption and Transmission Security
- Vulnerability Assessment and Penetration Testing
- Enterprise Mobility Management
- Identity and Access Management (IAM)

How we can help

Grant Thornton UK LLP can provide a range of services to meet your organisation's specific requirements. From providing additional expert resource to supplement your security team, to providing a completely outsourced service, we can deliver cyber, information, data and physical security advisory and consulting services. Where an entire project is outsourced, we supply a comprehensive team of multi-skilled practitioners to provide services across agreed functions and deliver a complete end-to-end solution.

Our experts can conduct a range of support activities, including:
- cyber security reviews and gap analysis
- technical reviews of current security and organisational infrastructure
- cyber security assessments, health checks and internal audit reviews
- in-depth analysis and benchmarking of cultural maturity for security services across the firm
- legislative advisory services
- project and programme management
- data, physical and HR professional security services
- training of staff and change management
- forensic IT security services
- collaboration and innovation events to connect chief information security officers and the business community.

Grant Thornton can help you ensure that your corporate security and privacy standards and infrastructure are fit for purpose and up to the task of defending your organisation against current and emerging cyber security threats.

Who should I contact for assistance?

To understand more about our CSPS expertise, please contact:

Sandy Kumar, Partner, Head of Business Risk Services
T 020 7728 3248
E sandy.kumar@uk.gt.com

Manu Sharma, Associate Director, Lead for Cyber Security and Privacy Services, Business Risk Services
T 020 7865 2406
E manu.sharma@uk.gt.com

Ravi Joshi, Head of Technology Risk Services, Business Risk Services
T 020 7865 2571
E ravi.joshi@uk.gt.com

© 2013 Grant Thornton UK LLP. All rights reserved. Grant Thornton means Grant Thornton UK LLP, a limited liability partnership.
Grant Thornton is a member firm of Grant Thornton International Ltd (Grant Thornton International). References to Grant Thornton are to the brand under which the Grant Thornton member firms operate and refer to one or more member firms, as the context requires. Grant Thornton International and the member firms are not a worldwide partnership. Services are delivered independently by member firms, which are not responsible for the services or activities of one another. Grant Thornton International does not provide services to clients. This publication has been prepared only as a guide. No responsibility can be accepted by us for loss occasioned to any person acting or refraining from acting as a result of any material in this publication. grant-thornton.co.uk V22758