Cyber Risk Presentation to the Board of Directors

Cyber Risk Presentation to the Board of Directors
[START ATTACK MAP]
There's a technology race on and it will continue, but technology isn't enough. Directors have to get engaged in governing cyber risk.

Copyright Cybernance Corp. 2016

Contents
  About Cybernance Inc.
  About Cybernance Platform
  Why Cybernance?
  Cybersecurity Standards
  Scoring
  Dimensions & Domains
  Controls & Actions
  Example Themes to Improve Cyber
  Example Board Presentation Outline

About Cybernance Inc.
  Founded in early 2015 in Austin, TX as a venture-backed cybergovernance software company.
  Led by seasoned security and software executives.
  Active customers across most industries, namely insurance, energy, healthcare, financial, retail, and non-profit.
  Our goal is to form a collaborative bridge between the Board of Directors, executives, managers, and operators across the entire organization.

About Cybernance Platform
  Helps key stakeholders address cyber risk in a common language.
  Based on the most widely accepted cyber standard (NIST), which was designed to assess, measure, report, and improve a company's cyber resilience.
  Tests vendor controls through a risk-based approach to relationship management.
  Extends to compliance standards: FFIEC, HIPAA, PCI, ISO, etc.
  Assesses cyber controls, identifies current maturity, prioritizes actions, tracks progress, reports to the Board and executives, and compares to peers.

Why Cybernance?
  Based on the national gold standard in cyber (NIST Cybersecurity Framework)
  Blends strategic and operational concerns
  Prioritizes risk management and resilience
  Focuses on human aspects: policies, procedures, processes
  Promotes collaboration among diverse stakeholders, not just IT and security
  Tracks and enables reporting progress over time

Cybersecurity Standards
  Intent of NIST is to create:
    A set of common controls applicable to ALL environments
    A shared understanding among diverse industries
    A common language for key stakeholders across any given organization
  NIST is widely regarded as the best
  Standards can be 'mapped' to each other when broken down to their individual components

Scoring
  The national average Cybernance Score (known as the 'CMOM Index') is 302
  The distribution skews to the left (lower scores) with a long tail to the right (higher scores)

Dimensions
  Risk Management: formalized policy/procedures used by risk and security
  Risk Culture: degree of buy-in from the broader workforce into risk management policies, etc.
  Risk Influence: rigor of applying risk management controls to external relationships including partners, vendors, etc.

Domains
  Cybersecurity is more than a technology problem; it involves many others throughout the entire organization.
  Domains define the responsibilities that align with traditional org charts.
    Board: Oversight
    CIO/CISO: Tech & Security
    Audit: Assurance
    Counsel: Compliance
    Procurement: Supply Chain
    HR: Workforce
    CEO: Strategy & Agenda

Controls
  GREEN = Implemented
    How well or to what degree? Implementations are scored 1-4, aligned with NIST
    Helpful in making risk tolerance decisions
  YELLOW = Unimplemented
    Not done yet or not done on purpose; both could be reasonable
  GREEN = Unknown
    Questions that need to be answered
    These should be priority

Actions
  The Cybernance Platform recommends actions based on the following:
    Projects and programs to improve risk management and resilience
    Resources to help users understand how and why to implement specific programs
    Collaborators and enablers who should be involved in the project

Example Themes
  Refining inventories of hardware assets with information on dependencies, compliance, SLA. (ACM domain)
  Formalizing processes around risk acceptance using defined, documented, universal criteria. (RM domain)
  Defining requirements for cybersecurity information sharing programs: policies, standards, key stakeholders. (ISC domain)

Example Board Presentation
  Discussion of NIST standard
    High-level dimensions and domains
    CMOM Index score
  Overview of each domain
    What each one is
    Who owns it
    Interpretation of score
  Actions & Priorities
    Summary of top-tier (3-5) priorities
    Discussion regarding how those limit risk