Robert Gregg CEO ID Experts


Robert Gregg CEO ID Experts Bob.gregg@idexpertscorp.com

Overview
- Defining the cybersecurity problem
- Serious national security concern
- What does this mean for companies…particularly the CFO
- What we must do - Now

Picture of bad guys from USPIS Oceans 11 analogy Zeus malware- 240,000 variants Targeting you and your company Demetri Galutav- 7000 hackers-10 yrs, 400k pol office 40-50K hackers active =Secret service For profit, not notoriety---32% infected

Cybersecurity Risk
Conclusion of the Internet Security Alliance (ISA), the American National Standards Institute (ANSI), and all executives who worked on the project: The single biggest risk involving cybersecurity is ignorance and misunderstanding!

We Need a Total Risk Management Approach
- "The security discipline has so far been skewed toward technology—firewalls, ID management, intrusion detection—instead of risk analysis and proactive intelligence gathering." (PWC Global Cyber Security Survey)
- We have to shift our focus from considering cybersecurity as a technical-operational issue to an economic-strategic issue

Cybersecurity = Investment
- Cybersecurity has historically been looked at as a cost…
- Increasingly it has to be looked at as an investment
- Greater trust = Stronger brand = Higher sales

The Threat Source
- Outside Intruder (Hacker)
- Well meaning insider
- Insider with mal-intent

Data Breach Perfect Storm
- Technology Advancement
- Shrinking IT Budgets
- Hacker Sophistication
- Realization of the Value of Data
- Declining Economy
- Government Regulations
- Increased Outsourcing

The Private Sector
- The private sector owns 95% of the cyber infrastructure
- The private sector must, by law, operate, not in the public interest, but to maximize shareholder value
- The private sector makes decisions based on economics
- The way to improve cybersecurity is to alter the economics of cybersecurity

Follow the Money
- We have, and will continue to have, cyber attacks because of the economic incentives
- Attacks are easy/cheap/very profitable
- Defense is hard---successful prosecution 1%
- Perimeter to defend is endless
- Extremely hard to show ROI because enterprises don’t analyze their cyber risk correctly

Structural / Economic Misalignment
- Symantec: attacks up 500% between 2006-07 & doubled again between 2009-10
- Cyber Space Policy Review: Cost to American business = $1 TRILLION
- PWC/CSIS/Forrester all report investment in information security is down in 50%-66% of American companies, and most of the security spending is for audit compliance, not security

We are Not Cyber Structured
- In 95% of companies the CFO is not directly involved in information security
- 2/3 of companies don’t have a risk plan
- 83% of companies don’t have a cross organizational privacy/security team
- Less than ½ have a formal risk management plan; 1/3 of the ones who do don’t consider cyber in the plan

What to Do…
- Good News: We know a lot about how to solve this problem. 80-90% can be solved by using best practices and standards; most don’t due to cost
- Focus on Enterprise Education so companies understand total financial cyber risk
- Get a copy of “Financial Management of CyberRisk….A framework for CFO’s”

Cybersecurity Document

Cybersecurity Document
Outlines an enterprise wide process to attack cyber security broadly and economically
- CFO strategies
- HR strategies
- Legal/compliance strategies
- Operations/technology strategies
- Communications strategies
- Risk Management/insurance strategies

What CFO Needs to Do
- Own the problem
- Appoint an enterprise wide cyber risk team
- Get other C-Level exec buy-in
- Develop an enterprise wide cyber risk management plan & budget
- Complete a comprehensive breach response plan
- Engage a breach response expert
- Implement the plan, analyze it regularly, test and reform

Human Resources
- Recruitment
- Awareness
- Remote Access
- Compensate for cyber security
- Discipline for bad behavior
- Manage social networking
- Beware of vulnerability especially from IT and former employees

Legal/Compliance Cyber Issues
- What rules/regulations apply to us and partners?
- Exposure to theft of our trade secrets?
- Exposure to shareholder and class action suits?
- Are we prepared for govt. investigations?
- Are we prepared for suits by customers and suppliers?
- Are our contracts up to date and protecting us?

Operations/IT
- What are our biggest vulnerabilities? Re-evaluate?
- What is the maturity of our information classification systems?
- Are we complying with best practices/standards?
- How good is our physical security?
- Do we have an incident response plan?
- How long till we are back up? Do we want that?
- Continuity Plan?
- Vendors/partners/providers plan?

Communications
Do we have a breach plan for multiple audiences?
- general public
- shareholders
- Govt./regulators
- affected clients
- employees
- press

Insurance—Risk Management
- Are we covered?
- What can be covered?
- How do we measure cyber losses?
- D and O exposure?
- Who sells cyber insurance & what does it cost?
- How do we evaluate insurance coverage?

Summary
- Cybersecurity is an enterprise problem…not an IT problem
- The risk is growing rapidly
- CFO is the best person to own and manage all aspects of the risk
- Look at this as a very strategic investment…because it is!

www.idexpertscorp.com Robert Gregg CEO ID Experts Bob.gregg@idexpertscorp.com Breach line 800-xxx