Bruce Hallas, Director, Marmalade Box Ltd: UK Business Comparison of Information Security Incidents & Financial Impact
Presentation transcript:

Bruce Hallas, Director, Marmalade Box Ltd

UK Business Comparison of Information Security Incidents & Financial Impact *

Corporate UK: 25% ↓ in number of known incidents; similar financial impact
SME UK: % ↑ in number of known incidents; 20% ↑ in the financial impact

* Source: BIS ISBS

Why the difference? It is about people.
- Cybercriminals are targeting softer targets.
- Attack techniques are changing.
- Technology enables storage of large amounts of data.
- Awareness & understanding amongst SMEs.
- Resource constraints upon SMEs.
- SME priorities.
- Lack of appropriate & affordable external support.

Why should this be a concern to business leaders?

Negative risk: operational, reputational, compliance, productivity, competitive.
- Average cost of a known incident: £12,500
- Average number of known incidents: 8
- Total cost: £100,000

Positive risk: market differentiation, competitive advantage, new products & services, greater profit margins.
- 49% of ISO27001 certificates: tender requirements
- NPD: 15% higher margin

What Can I Do?
- Be realistic: there is no such thing as "secure".
- Investment should be proportional to the impact upon overall strategy & the value of information assets.
- Set your own appetite for risk; don't accept someone else's.
- Ensure that appropriate controls are in place.
- Ensure these are implemented, maintained and reviewed effectively.
- Delegate responsibilities, always remembering your own accountability.

ISO27001: parts
- Independent & recognised management process & set of control guidelines.
- Certification or compliance.
- UKAS.
- Globally recognised brand.
- Most widely adopted means of assurance.
- The foundation of many other security standards.

Benefits
- ↓ Negative risk to cash flow & profitability (reasonable & appropriate)
- ↑ Revenue & profitability by leveraging customers' negative risk
- Higher product margins & NPD

ISO27001

Elements: management meetings, responsibilities & duties, auditing, risk assessment review, policies, procedures, technology, user training & awareness.

Cycle: Scope → Asset Registry → Risk Assessment → Risk Decision → Controls → Strategy → Implement → Maintain → Review

Forward
1. Is there a business case for achieving certification?
2. Choose a certification partner carefully.
3. Assess whether internal resources have the skills/experience.
4. Identify appropriate external support.
5. Be realistic about timescales.

Thank You
Mobile:
Office: