Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Managing the Security Landscape – Legal and Risk Management Aspects of the Business
Peter Brudenall & Caroline Evans, Simmons & Simmons
Marsh Technology Conference 2005, Zurich, Switzerland, May 26 & 27

2 The Truth about Network Security
“The only way to make a computer completely secure is to turn it off, disconnect it from the network, put it in a safe and throw away the combination!” – Anonymous

3 Legal and Risk Management Issues
- Why is IT security critical from a legal perspective?
- Why is IT security critical from a risk management perspective?

4 Why is IT Security so Important?
- Prevent losses and damage to the business and customers
  – Time to react is getting shorter
  – Costs are increasing
- A regulatory compliance issue
- Critical for business trust

5 What are the key security risks?
- Viruses and worms
- Identity theft
- Targeted attacks
- Spam
- Supply chain and partners added to the network
- Mobile workers

6 Legal Drivers for IT Security
- Legislation
  – Data Protection Act
  – US trends
- Corporate governance
  – Basel II
  – FSA
  – SOX
- Negligence
  – Concept of “reasonable care”
  – Compliance with standards
- Contract

7 Building Security into Contracts
- Importance of not losing control
- Major contract issues
  – confidential information
  – audit rights
  – service levels
  – liability issues
  – tackling the unexpected
- Importance of managing the operational risk

8 Summary
- Be proactive about security
- Ensure the contract is flexible
- Keep suppliers to a high standard and “security conscious”
- Customer to have control over the relationship

Risk Management
Marsh Technology Conference 2005, Zurich, Switzerland

10 Risk Management and Best Practices
Networking issues
- Formal security program
- Encryption/firewalls
- Monitor security threats
- Vulnerability scanning
- Investigate all security threats
- Formal DRP (disaster recovery plan)
- Crisis management plan
- Access authorization procedures
- Background checks
- Employee training

11 Security and Your Customers
- Do your products or services include security components?
- Do you generate revenue from providing to others mission-critical (products or) services involving the handling, processing, transferring, storing or securing of non-public personal information used in the banking, financial services, medical or retail industries?

12 Risk Management and Best Practices
- Quality and support of products and services
- Contracts and agreements
- Operational controls
- Network reliability, redundancy and availability

13 Risk Management and Best Practices
Quality and support
- Alpha and beta testing
- Formal customer acceptance procedures
- Vendor certification process
- Outsourced services

14 Risk Management and Best Practices
Contracts and agreements
- Standard contracts
- Limitation of liability to avoid consequential loss
- Disclaimers

15 Risk Management and Best Practices
Operational controls
- Contractual agreements with subcontractors and vendors
- Obtain proof of insurance

16 Risk Management and Best Practices
Network reliability, redundancy and availability
- Data backup
- Mirror sites
- Security updates (patches) on a timely basis

17 Examples of scenarios leading to claims
- A healthcare facility buys and installs a patient information management package
- A retailer uses a software package for accepting and validating credit card information

18 Thank You