Protecting Knowledge Assets – Case & Method for New CISO Portfolio

Presentation transcript:

Protecting Knowledge Assets – Case & Method for New CISO Portfolio (GRC-R10)
Jon Neiditz, Kilpatrick Townsend & Stockton LLP, jneiditz@kilpatricktownsend.com, @jonneiditz
Dr. Larry Ponemon, Ponemon Institute, research@ponemon.org, @ponemon
Darin Anderson, CyberTECH, darin@cyberhivesandiego.org, @darinandersen
Jeffrey Carr, Taia Global, Inc.; Suits and Spooks, jc@taiaglobal.com, @jeffreycarr

Understanding the risk to knowledge assets

The Study
The Cybersecurity Risk to Knowledge Assets study was conducted to determine whether the publicity accorded to data breaches subject to notification laws has skewed organizations' focus away from the theft or loss of their most critical information, and to provide helpful practices to reduce that risk. Knowledge assets are confidential information critical to a company's core business, other than personal information that would trigger notice requirements under law. More than 600 individuals familiar with their company's approach to managing knowledge assets, and involved in that management process, were surveyed.

Theft Is Rampant
74% of respondents say that their company likely failed to detect a data breach involving the loss or theft of knowledge assets.
60% state that one or more pieces of their company's knowledge assets are likely now in the hands of a competitor.

Companies Don't Know "What" or "How"
31% of respondents say their company has a classification system that segments information assets based on value to the organization.
28% rate their company's ability to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective.

Bigger Risks Invisible to C-Suites & Boards
59% say a data breach involving knowledge assets would impact their company's ability to operate as a going concern.
53% replied that senior management is more concerned about a data breach involving credit card information or SSNs than about the leakage of knowledge assets.

Heads in the Sand
Only 32 percent of respondents say their company's senior management understands the risk caused by unprotected knowledge assets, and 69 percent believe that senior management does not make the protection of knowledge assets a priority. The board of directors is often even more in the dark. Merely 23 percent of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37 percent state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.
69% believe that senior management does not make the protection of knowledge assets a priority.
37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.

Do you believe your company’s knowledge assets are targeted by nation state attacks?

The main motivations of attackers who steal a company's knowledge assets (1 = most likely to 4 = least likely)

The most likely root causes of data breaches (1 = most likely to 4 = least likely)

Employee and third-party negligence puts knowledge assets at risk (Strongly agree and Agree responses combined)

Why is your company effective in protecting knowledge assets? (More than one choice permitted)

Why is your company not effective in protecting knowledge assets? (More than one choice permitted)

How to protect knowledge assets

6 Key Components of Action Planning
1. Governance: Senior Management/Board Involvement; Establishment of Responsibility
2. Data Classification: Identify and Prioritize Knowledge Assets
3. Security Infrastructure: Safeguards; Detection; Response
4. Employees: Awareness and Education; Identity & Access Management; Departing Employees
5. Vendor Management: Cloud Security; Contractor Access; Risk Allocation
6. Coverage: Cyber-Risk; Other Coverage

2. Data Classification: Examples of Restricted Knowledge Assets/Trade Secrets
Test Records, Alliances, Sales Forecasts, Techniques, Customer Purchasing History, Future Store Locations, Models, Customer Profiles, Strategic Business Plans, Supplier Lists, Blueprints, Formulas, Recipes, Designs, Methods of Manufacture, Procedures, Quality Control Data, Source Code

2. Data Classification: The "Golden Record"
Golden Record = compilation of customer data gathered across numerous sources (e.g. website, store loyalty cards, contests, events) and stored in one place. The "Golden Record" may constitute the jewel in the crown of many of our customers' knowledge assets.
Develop compliant big data arrangements that enhance and protect such critical customer records and give companies broad rights to use such data.
Conduct an initial survey to determine the key data streams and the current rights in such data, and document the data inventory.
Develop proposed data rights based on the customer's data strategy, regulatory requirements, industry standards, and business goals.

2. Global R&D Spending Shows Emerging Valuation of Networks (Source: Jeffrey Carr)

3. Security Infrastructure: Administrative, Technical & Physical
Data classification based on risk
Build data classification into levels of security safeguards
Encryption and/or tokenization
"Least Privilege" principle and role-based access
Assure detection systems are focused on the most important knowledge assets: intrusion detection; data loss prevention, preventing exfiltration
Copy protection and embedded codes to trace copies
Restrict downloading of sensitive company information
Assure incident response programs fully incorporate knowledge assets
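As an added illustration (not part of the presentation), the following Python model ties the classification tiers above to concrete safeguards, enforces role-based least-privilege access, blocks downloads of Restricted knowledge assets, and emits a detection event when an unauthorized role touches a Restricted asset. The tier names, asset inventory, roles and safeguard sets are constructed examples.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Classification tiers (constructed), each mapped to the safeguards the slide names.
SAFEGUARDS = {
    "Restricted": {"encrypt_at_rest", "tokenize", "dlp_monitor", "watermark", "block_download"},
    "Confidential": {"encrypt_at_rest", "dlp_monitor"},
    "Internal": set(),
}

# Constructed asset inventory drawn from the slide's list of restricted knowledge assets.
ASSETS = {
    "source_code": "Restricted",
    "product_formulas": "Restricted",
    "customer_profiles": "Restricted",
    "sales_forecasts": "Confidential",
    "office_floor_plan": "Internal",
}

# Role-based access under least privilege: each role lists only the assets it needs.
ROLE_ACCESS = {
    "engineer": {"source_code"},
    "chemist": {"product_formulas"},
    "sales_analyst": {"sales_forecasts", "customer_profiles"},
    "contractor": {"office_floor_plan"},
}

@dataclass
class Decision:
    allowed: bool
    alert: Optional[str]  # detection event for the SOC, if the attempt merits one

def evaluate(role: str, asset: str, action: str) -> Decision:
    """Decide whether `role` may perform `action` ('read' or 'download') on `asset`."""
    level = ASSETS.get(asset)
    if level is None:
        return Decision(False, f"unknown asset {asset!r} requested by {role}")
    if asset not in ROLE_ACCESS.get(role, set()):
        # Detection focuses on the most important assets: only Restricted misses raise an alert.
        alert = f"unauthorized {action} of Restricted asset {asset!r} by {role}" if level == "Restricted" else None
        return Decision(False, alert)
    if action == "download" and "block_download" in SAFEGUARDS[level]:
        # Authorized to read, but downloading Restricted material is blocked and logged.
        return Decision(False, f"download of Restricted asset {asset!r} blocked for {role}")
    return Decision(True, None)

def required_safeguards(asset: str) -> Set[str]:
    """Safeguards an asset must carry, derived from its classification tier."""
    return SAFEGUARDS[ASSETS[asset]]
```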

The most important security technologies for protecting knowledge assets (Eight choices permitted)

Questions?